Hi all, I want to ask why the seamonkey packages still haven't been updated. Flagged for almost three weeks, maintainer active the whole time, and as usual for a browser, every new version means lots of fixed vulnerabilites: http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html I could have poked the maintainer (cc'd) via mail/irc, but my main motivation for this mail was to ask about the proper way of dealing with cases like this one. Bugtracker states "REPEAT: Do NOT report bugs for outdated packages!" ... plus I would probably be unsure about proper usage of project, category, severity, summary formatting and so on. [quite some time later] ... and by now I've read Allan's mail https://mailman.archlinux.org/pipermail/arch-dev-public/2014-March/025952.ht... and found https://wiki.archlinux.org/index.php/Arch_CVE_Monitoring_Team ... so yeah, seems like I got my answers. ;-) Last but not least: Hi, I'm Jens, also known as 'jra' (on IRC) or 'byte' (everywhere else), been using Arch since 'Noodles', and after a couple of years of absence from the Arch community I subscribed to almost all lists yesterday, trying to get up to things again. (btw: the listinfo overview is missing a description for this list)