Security contact != Maintainer

[sjn]

Hei!

In Annex II, point (2) of the Cyber Resilience Act, they treat the "supplier" (which I guess may correspond to any of "author", "maintainer" or "custodian") separately from "security contact".

The values for these fields may be the same, but need still to be separate for the situations where they have_to be distinct.

So could we have a separate security_contact field, distinct from maintainer? 🙂

[timlegge]

I will look at it, not sure where to put it yet