Fuerthermore,
How do I know to whom I must assign the bug? I have no idea what package this bug would belong.
The fixes will have to be applied in the core packages such as acs-kernel, acs-authentication, acs-tcl and so on, and I don't know who is responsible for which package.
Perhaps, that's a good example that we could use to clean up a few processes in the BUG tracker workflow. Couldn't we?