On Tue, 29 Jun 2010 22:26:04 +0200, Stefano Zacchiroli wrote: > On Tue, Jun 29, 2010 at 12:35:19PM -0400, Joey Hess wrote: > > This apparently well-meaning idea that we can improve Debian's > > security etc by talking people out of doing jobs that they have > > volunteered to do, and are doing, is a recent trend that I really > > don't understand. > > Amen. > > > On Tue, Jun 29, 2010 at 01:34:46PM -0400, Michael Gilbert wrote: > > I really hope I haven't come across this way. It was certainly not > > my intention. Like I said in my first post to this discussion, I think > > a debate on the merit of the status quo with respect to the mozilla > > packages is greatly needed right now. If the result of this debate is > > maintaining the status quo, then that's just fine with me, but at least > > all of the dirty laundry has been aired, and an informed decision made. > > Well, I confess that it did come across that way also to me, and > probably to many others. The impression was something like: “someone not > working on iceweasel security in Debian is trying to convince someone > else which is working on that, not only to stop, but also to throw out > of the Debian main archive iceweasel all together”. > > Try looking at it that way for a minute and you surely understand how > surreal the debate looked like from the outside :-)
I can certainly see that perspective, and I can see now that I've chosen my words poorly, which has lead to a major communication breakdown. Hopefully restating clearly this time: my proposal is to no longer distribute mozilla packages in the main stable repository; instead they can be maintained in backports (or volatile) at the choosing of the maintainers of those packages (or converted to webkit to remain in stable main). I propose no changes to the mozilla packages in unstable or experimental. > > As for my non-involvement in mozilla security, that actually isn't > > true. I actually spent a great deal of effort to triage all of the > > mozilla issues in the security tracker about a year ago, and submitted > > bugs for the open ones. However, as a user, I have no access to > > mozilla patches, so I could go no further. I did what I could to > > improve mozilla security, then I just simply lost interest because I > > found webkit to be actually tractable. > > To the risk of repeating myself, Debian is a do-ocracy: who does the > work and does it well (as in this case!) gets the right to decide. If > you stopped working on iceweasel security, you kind of gave up your > rights of directly affecting the course of the package. Understood; however, ill-conceived security disclosure policies impede this process. I would fix the issues myself, but I am restricted from doing so because of upstream mozilla disclosure policy. That policy is the primary reason that I am no longer interested in mozilla. I don't really see my interests changing without changes happening upstream first. Best wishes, Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20100629170727.3d70722d.michael.s.gilb...@gmail.com