Hi,

I was under the impression that we were supposed to contact maintainers
when we add packages to dla-needed.txt, as part of the triage work. That
is, at least, the method documented here:

https://wiki.debian.org/LTS/Development#Triage_new_security_issues

Confident that people doing the triage would do so, I have stopped
double-checking that such work was being done but now, looking at the
python-gnupg package, I noticed nothing was sent out to the maintainer,
at least not with this list in CC. The maintainer and package are not in
data/packages/lts-do-not-call.txt so I think they should have been
contacted first.

Am I missing something here? Did we change this practice, or is this an
oversight?

A.
-- 
Arguing for surveillance because you have nothing to hide is no
different than making the claim, "I don't care about freedom of speech
because I have nothing to say."
                        - Edward Snowden

Attachment: signature.asc
Description: PGP signature

Reply via email to