[ Lucas Nussbaum ]
* Update my email address.
+ * Encourage the use of RT to contact the security team.
+ Patch from Thijs Kinkhorst. Closes: #610782
- -- Lucas Nussbaum <lucas@debian.org> Sat, 30 Jul 2011 15:49:22 +0200
+ -- Lucas Nussbaum <lucas@debian.org> Sat, 30 Jul 2011 15:52:49 +0200
developers-reference (3.4.5) unstable; urgency=low
<para>
When you become aware of a security-related bug in a Debian package, whether or
not you are the maintainer, collect pertinent information about the problem,
-and promptly contact the security team at
-&email-security-team; as soon as possible. <emphasis
-role="strong">DO NOT UPLOAD</emphasis> any packages for <literal>stable</literal>
-without contacting the team. Useful information includes, for example:
+and promptly contact the security team, preferedly by filing a ticket in
+their Request Tracker.
+See <ulink url="http://wiki.debian.org/rt.debian.org#SecurityTeam"></ulink>.
+Alternatively you may email &email-security-team;.
+<emphasis role="strong">DO NOT UPLOAD</emphasis> any packages for
+<literal>stable</literal> without contacting the team. Useful information
+includes, for example:
</para>
<itemizedlist>
<listitem>
<para>
+Whether or not the bug is already public.
+</para>
+</listitem>
+<listitem>
+<para>
Which versions of the package are known to be affected by the bug. Check each
version that is present in a supported Debian release, as well as
<literal>testing</literal> and <literal>unstable</literal>.