On Sun, 2015-11-29 at 19:30 -0500, Michael Gilbert wrote: > Then you shouldn't use the Debian ntp package or any other Debian > package at all for that matter. Then I guess one can also close this bug as wontfix, suggesting any people not to use such packages or try to improve the situation within Debian.
> Like I said, the security tag is for now removed because I am not > going to deal with it as a security issue until you defend it to your > peers. Who are my peers? I described the issue, no one brought up a valid argument why this cannot be abused... what else do you want? A paper, peer-reviewed and published in Nature? > I am not interested in looking at it because I am far beyond > my tolerance threshold with your behavior. "Your tolerance treshold" ... funny... but even if I'd be a jerk, other users will thank you for hiding the security issue away by removing tag, just because you don't like me. > It is up to you to change that. As said before, I wrote you a mail when you said some unpleasant things about me several times, but didn't get any reply... The ball wouldn't be in my half of the fiel. > Clearly prior behavior plays a huge role here. Well the only other matter I can remember where we have had more direct interaction was about the blob issues in chromium. Apparently these are there and not just made up in my mind, others have reported it as well and even when that specific last case where I was involved was allegedly not possible to abuse, I still don't see a crime in reporting such cases and having it cleared up. Some people may not worry about software shipping blobs, or at least having framworks in place to download such (like Firefox does with OpenH264),... other however do and their case isn't less valid. I'm afraid that others took that ticket up and made some big news out of it even if it didn't turn out to be a big issue,... but that isn't my fault. So other than - I don't know the exact words you accused me last time - "not contributing code" or something like this... I don't see much wrong behaviour on my side. Anyway... since apparently this won't get solved, may I suggest that we close the bug as wontfix? Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature

