Re: [exim-dev] Development blockage...

* David Woodhouse:

> I'm sure that those who maintain the Exim package in Linux (and other
> OS) distributions will also step up where necessary. I certainly
> expect to.

Debian will code security fixes on their own if necessary, provided that
they don't involve conceptual changes (to cope with protocol bugs, for
instance).

The main question I see from a security POV is if there is
infrastructure in place for coordinated disclosures of security
vulnerabilities. Even if it doesn't make a difference in practice, it's
usually a good idea to have official patches ready when a security
vulnerability is disclosed, and you need to prepare some infrastructure
(at the very least, a well-published mail alias with real people
acknowledging reports in a timely manner).