On Sun, Apr 03, 2016 at 03:44:55PM -0700, Jeff Warnica wrote: > Upstream is adamant that he gets bug reports (and all bug reports are > security bug reports, especially on security software) against the version > included with Debian, which have since been fixed.
There are two ways jwz can get such bug reports: * from the BTS -- ie, with an explicit opt-in. If this hurts, "don't do that, then". * via e-mail: in that case, the software shouldn't advertise his address, as name or nick is adequate to show authorship. This doesn't apply for all people -- for example, there are many politicians, film directors, even software developers named "Adam Borowski", but "Jamie Zawinski" seems to be google-unique for as many pages as I checked.[1] Another possible concern is that he doesn't want his name associated with "obsolete" versions. In such case, a rename would work. jwz: could you tell us which of these concerns apply? > Debian applies changed *all the time* to "stable" packages. The alternative > proposal is to apply changes to "stable" software. Only for security and selected RC bugs. > If you do change things, then backport security fixes, however hard that > may be. Which Debian does! It's exactly what a stable release is about. > The laziest possible option is to remove the legitimate warning that the > software is obsolete. The software is not obsolete, it's fully working and at least as secure as the newest shiniest release. It does receive security updates, and the code had more time for bugs to surface. [1]. There's 1082 times as many people named Borowski than Zawi[nń]ski, having a Polish surname but non-Polish first name makes the combination rare, and yeah, jwz having a wee more claims for fame than me might also be a factor. -- A tit a day keeps the vet away.
