> * It seems like anyone that spends any time looking at this package
> finds security bugs.

No. Other software in Debian with a more severe security record didn't have this kind of bug open. See for example Samba, bind, and many others. Or maybe you also want these to be removed from Debian? This is purely your appreciation and your view on my software, I don't think this is reality. Also, the fact that I want the software to stay in Debian is precisely so that it has more eyes to look into the code, and then improve the quality. This isn't exactly a small software here.

> * If you don't want to look specifically for security bugs, there are
> plenty of other RC bugs to be found.

Which I'm fixing, but please do not force me to hurry on them and do bad patches.

> * This package depends on being able to modify configuration files of
> other packages. (see #637501 and the bugs referenced in that bug)

Yes, which is the goal of the software, yes. Also, I had some discussions with many DDs, some during debconf11, like with Ian Jackson, Raphael Hertzog, and many others, on how to fix this in a clean way, and I have plans for it.

> I'm troubled by the responses that the many security bugs in these
> packages get from the maintainer who is also the upstream author.
> I'm worried that the maintainer/upstream author does not have an
> adequate respect for security related issues.

And me, I'm really seriously thinking you don't know how to handle security issues as well, given the fact that you've opened public bugs, when you should have gotten in touch with me privately. This shows as well a big disrespect for what I do, if opening this bug wasn't enough. I have already fixed what Ansgar reported, and I am currently working on other fixes.

Please mind to explain why I do not have "adequate respect for security related issues". I believe I do, since I have in the past made some QA uploads in a timely manner (not even talking about this one package here).

Cheers,

Thomas

