04-16-2008, 12:10 PM
Neil Williams

How to manage security issues when the maintainer is not the developer

On Wed, 2008-04-16 at 13:55 +0200, Andrea De Iacovo wrote:
> Hi all.
>
> How do you think a maintainer should manage security issues when he is
> not the package developer? Should he/she either work alone to make
> patches or wait for the upstream patches/releases that solve the bug?

Notify upstream, work on the patch and stay in communication with
upstream as you work.

If you get a response from upstream, work together to come up with a
complete solution but don't let that process cause undue delay to fixing
the problem (especially close to a release, as now).

If upstream are busy with other things, solve the problem yourself and
make the upload - ask the security team for help with that side if you
are unsure.

Solve the problem - if upstream come back to you with a different fix
later, you can always migrate to that fix.

--


Neil Williams
=============
http://www.data-freedom.org/
http://www.nosoftwarepatents.com/
http://www.linux.codehelp.co.uk/
 
