On 07/21/2013 05:07 PM, Helmut Grohne wrote:
>> To avoid having yet another list catching tons of spam, I don't think it
>> will be opened for public postings.
> 
> Your reasoning makes sense. Still it makes discovering the contact for a
> random package a little harder and that is unfortunate. This issue
> recently popped up on -devel during the Mayhem reports. If you have a
> suggestion on how to mechanically determine the (public/private)
> security contacts of a random package, that would be appreciated.

That's pretty easy:
- contact the person who signed the upload

~% who-uploads gpsd
Uploads for gpsd:
3.9-1 to unstable: Bernd Zeimetz <[email protected]>
3.6-4+deb7u1 to wheezy: Bernd Zeimetz <[email protected]>
3.6-5 to unstable: Bernd Zeimetz <[email protected]>


or the person in the changelog, which should never be a machine account...
% zcat /usr/share/doc/gpsd/changelog.Debian.gz | parsechangelog - | grep Maintainer
Maintainer: Bernd Zeimetz <[email protected]>


Most list addresses on alioth do not allow posting to the list without subscribing.


-- 
 Bernd Zeimetz                            Debian GNU/Linux Developer
 http://bzed.de                                http://www.debian.org
 GPG Fingerprint: ECA1 E3F2 8E11 2432 D485  DD95 EB36 171A 6FF9 435F
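
An added example, not part of the original message: a Python sketch of the changelog lookup described above, run over every entry instead of only the newest one, so a team upload signed with a list address does not hide the human contacts. The function names, the `LIST_HOSTS` heuristic and the sample changelog (constructed, with example.org addresses) are assumptions.

```python
import re
from email.utils import parseaddr

# Entry header: "package (version) dist1 dist2; urgency=..."
HEADER = re.compile(r"^(?P<pkg>[a-z0-9][a-z0-9+.-]+) \((?P<ver>[^)]+)\) (?P<dists>[^;]+);")
# Entry trailer: " -- Name <email>  date" (two spaces before the date)
TRAILER = re.compile(r"^ -- (?P<who>.*?)  (?P<date>\S.*)$")
# Assumption: hosts treated as mailing lists that may reject non-subscribers
LIST_HOSTS = ("lists.alioth.debian.org", "lists.debian.org")

# Constructed sample; on a real system read /usr/share/doc/<pkg>/changelog.Debian.gz
SAMPLE = """\
gpsd (3.9-1) unstable; urgency=low

  * New upstream release.

 -- Jane Example <jane@example.org>  Sun, 05 May 2013 12:00:00 +0200

gpsd (3.6-5) unstable; urgency=low

  * Team upload.

 -- Example Packaging Team <pkg-example@lists.alioth.debian.org>  Mon, 11 Mar 2013 09:30:00 +0100

gpsd (3.6-4) unstable; urgency=low

  * Fix build.

 -- Jane Example <Jane@Example.org>  Sat, 12 May 2012 18:00:00 +0200
"""

def parse_changelog(text):
    """Return one dict per changelog entry, newest first (file order)."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"package": m["pkg"], "version": m["ver"], "dists": m["dists"].split()}
        elif current and (m := TRAILER.match(line)):
            name, addr = parseaddr(m["who"])
            entries.append({**current, "name": name, "email": addr.lower()})
            current = None
    return entries

def contacts(entries):
    """Unique human contacts with their most recent version; list addresses skipped."""
    seen, out = set(), []
    for e in entries:
        host = e["email"].rpartition("@")[2]
        if e["email"] and host not in LIST_HOSTS and e["email"] not in seen:
            seen.add(e["email"])
            out.append((e["name"], e["email"], e["version"]))
    return out
```
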

