[Techtalk] Handling security issues when you are upstream

[Mary]

On Sat, Oct 08, 2005, Devdas Bhagat wrote:
> You might want to contact the security teams for *BSD as well, or the
> maintainer of the port (if the package is not in base).

So where does one draw the line in terms of notifying, say, Linspire,
Progeny or the non-English distros, if one's software is packaged by
them? Does the community consider an upstream obliged to contact all
vendors they can find?

-Mary