05:31 <andi-> ekleog: take neonutt..ryantm updated neomutt. Someone merged it.

05:32 <andi-> Also our unstable Mutt was updated iirc.

05:35 <andi-> I usually go through RHEL, SUSE, Debian, Ubunu , Gentoo, oss-sec & FD mails daily if I got the time.. Also a few language (go, rust, python,..) and vendor announcements arrive in my filtered notmuch inbox. It us enough stuff to keep me busy all day.

10:49 <ekleog> Hmm… but then where's the issue? Anyway there are no NSA (yet), so even reading the changelog wouldn't have changed much

10:50 <ekleog> As for the mail, congratulations :) I personally barely have time to read the mails from oss-security, and I globally gave up on FD when I noticed I hadn't seen mails about security of OSS that weren't also going to oss-security

10:51 <ekleog> then maybe I'd feel more incentive to read through my “security” folder if I didn't put IP/infowarrior/dailydave in there

11:02 <andi-> My point is that ideally everyone that bumps a package would take responsibility of (briefly) checking if that update might contain any security updates. Vcunat wrote that pretty nicely earlier this year on nix-devel

11:05 <ekleog> Oh, you meant for backporting

11:05 <ekleog> I hadn't understood that was the point, sorry! and indeed I completely agree with you :)

11:30 <andi-> I wouldn't expect people to randomly poll changelogs..

11:30 <andi-> unless you are actively maintaing that package then you should feel a bit of responsibility IMO