On Fri, Aug 12, 2011 at 05:52:59PM +0800, Thomas Goirand wrote:
> > * It seems like anyone that spends any time looking at this package
> >   finds security bugs.
> No. Other software in Debian with more severe security record didn't
> have such kind of bug open. See for example Samba, bind, and many
> others. Or maybe you also want these to be removed from Debian?
>
> This is purely your appreciation and your view on my software, I don't
> think this is reality.

It is shared by a bunch of people, including myself, though. Your
responses to the security bugs were below subpar, to put it mildly.
There's not only lack of common sense in security, there's also
ignorance and offensive behaviour.

> Also, the fact that I want the software to stay in Debian is precisely
> so that it has more eyes to look into the code, and then improve the
> quality. This isn't exactly a small software here.

Debian is not an incubator for bad software, I'm afraid. We're here for
technical excellence. (Cf. your comment in README.Debian about how hard
it is for you to comply with our beloved policy.) Your fixes to obvious
bugs are also wrong and not properly thought through.

> And me, I'm really seriously thinking you don't know how to handle
> security issues as well, given the fact that you've opened public bugs,
> when you should have got in touch with me privately. This shows as well
> a big disrespect for what I do, if opening this bug wasn't enough.

Stop shooting the messenger, thanks.

Kind regards
Philipp Kern

