Hi Raphael Thanks for the clarification. I see now that it was quite clear from the description.
I got the impression that this script should be used later in the process too. I now see that it is not the case. Thanks again. / Ola Sent from a phone On Thu, 26 May 2016, Ola Lundqvist wrote: > Hello dear maintainer(s), > > The Debian LTS team recently reviewed the security issue(s) affecting your > package in Wheezy: > https://security-tracker.debian.org/tracker/CVE-2015-1820 Hello Ola, I'm not sure if you got the process right here. Ususally that kind of mail is sent by the person doing frontdesk triaging and this week it's supposed to be Thorsten Alteholz. So that mail is sent (with the help of bin/contact-maintainers) by the person doing CVE triaging when the package gets added to dla-needed.txt. If the package is already listed in dla-needed.txt, someone in the LTS team decided that it was worth being fixed. After further investigation you can obviously decide that it's not the best course of action but then you would usually query the person who did the initial investigation and reply to the initial mail with more details explaining your point of view. (That package might have been taken over from dsa-needed.txt and thus we might not have any initial contact email... but still someone added it there.) Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/