On Sun, 3 Aug 2003 23:52:57 -0400, Joey Hess <[EMAIL PROTECTED]> said:
> Manoj Srivastava wrote:
>> Policy can make it so that packages are not accepted into Debian
>> unless you hop through certain hoops. Like making sure the upload
>> has a signature. Or that it has an entry in the override file.

> No, those have nothing to do with policy and are implemented solely
> at the ftp master's discretion. If I had intended to "gate" setuid
> binaries from debian, I would have posted to debian-cabal, not
> debian-devel.

If it is policy to prevent setuid programs to get in to the archive
without consensus on the devel list, I am sure ftp admin would have no
difficulty implementing the solution. I am sorry for having believed
that the proposed draft meant what it seemed to say, given that it
would have, with everyone agreeing, gone into the policy document as
it stood -- making it a bug not to have achieved consensus on -devel.

>> Are you saying that the review was not discussed as a gating
>> mechanism? If that is the case, then I admit I, for one, was
>> fooled.
>>
>> Message-ID: <[EMAIL PROTECTED]>
>> Message-ID: <[EMAIL PROTECTED]>
>>
>> >> All set[ug]id setups should be reviewed before they go into the
>> >> archive.

> Manoj, you have misquoted Matt here. After the word "archive", he
> put not a period, but the rest of his sentence. If you read the
> whole thing:
>
> I absolutely support this idea. All set[ug]id setups should be
> reviewed before they go in the archive, and I volunteer to do the
> review (though I hope that others will help). Does this need a
> proposal to go into policy with the same force as the existing
> pre-depends verbiage?

Does in no way change the point I made in my excerpt: given the
language of the policy diff, it is not unreasonable to think that the
should is meant in policy terms. As I said, I sure was fooled. I guess
I am just perverse.

> Matt is here, I believe, expressing a heartfelt opinion that it would
> be good for us to find security problems before they become *our*
> security problems. Moreover he's volunteering to do work. If his use
> of "should" was not satisfactory, well, he was not making a formal
> policy proposal either. I'm willing to cut people who do work a lot
> more slack than those who impede it.

As I have said before, I have no beef with programs being audited. My
point, from the beginning, was that the proposal seemed to talk about
consensus on the list, and seemed to state it was a bug not to have
achieved such a consensus. Rather than telling me that program
permissions were packaging matters, I could simply have been told that
the language of the draft was not to be interpreted in terms of the
policy document.

Despite your belittling comments, one of the tasks I have undertaken
is to ensure the quality of the policy document; and this was supposed
to be a draft of a policy change. However, I am used to having work on
policy being considered mere bureaucracy, and impediments in the way
of the worker bees. So be it.

>> The idea is not to only be nice and friendly to yes men, but also
>> to be able to discuss rationally with people who do not share your
>> view, without bringing in ridiculously insulting strawmen like
>> hopping on one foot.

> One of my rules of thumb is to stop replying to threads when my
> opponents resort to terms they learned in debating class, or to
> misquoting, since nothing good ever comes of it. Bye.

Disparaging remarks from you are kosher, but terms from debating class
(since I never took any, I can only suppose you mean strawmen) are
not. Fine. Your call.

manoj
--
The destruction of the Berlin wall marked history's first feminine
revolution: There had been no violence and when it ended everybody
went shopping.
Manoj Srivastava <[EMAIL PROTECTED]> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C