On Fri, 12 Oct 2018 15:20:56 +0200,
Wolfgang Rosenauer wrote:
talking about only mercurial here.
Am 12.10.18 um 15:15 schrieb Takashi Iwai:
due to the lack of time, I'd like to give
away my maintainership of
two packages: git and mercurial. More strictly speaking, it's about
"Bugowner" field that needs to be re-assigned.
Since both are commonly used programs, I hope someone will take over
it and I can avoid submitting deletereq for them :)
I'm a bit surprised:
wolfi@Hygiea:~> osc maintainer -e mercurial
Defined in package: devel:tools:scm/mercurial
bugowner of mercurial :
maintainer of mercurial :
wolfgang(a)rosenauer.org, tiwai(a)suse.com, develop7(a)develop7.info
The package is actually well maintained AFAICT.
develop7 is very quick in getting new versions in and I also care.
It's true that for maintenance requests (aka security fixes) it mainly
fell back to you. Not sure if that is because you were faster in
reacting or you carry a suse.com
address and the security people
consider this primary above a community contributor?
I don't think we have any big issue regarding the develproject itself.
We can take the latest-and-greatest version if any security problem
comes up, and that's easy. It's all for TW. And we are lucky that
there are multiple great people contributing to these packages.
So, I think I can just step down from devel:tools:scm/mercurial.
But, as you stated, it comes to an interesting question when the topic
is about security, especially for Leap (that is actually SLE).
In general, the security issues are shared only among limited people
at an initial state. That's the reason SUSE people may get
information earlier (and hence often responsible to react earlier,
How can it be communicated with the external community maintainer?
I don't know -- it's a question to security team, I suppose.
To unsubscribe, e-mail: opensuse-packaging+unsubscribe(a)opensuse.org
To contact the owner, e-mail: opensuse-packaging+owner(a)opensuse.org