On 01/05/2012 06:34 PM, Sergiusz Pawlowicz wrote:
> I am allowed to describe things as they are,
> without a special permission or holding a Companion of Honour medal.

1/ The way you describe things will always be your view, you can't just say that it is the holy truth, it's only your opinion, and others may not agree, and will reply to you if they don't.

2/ You are allowed to write whatever you want on all Debian lists, they aren't moderated. I don't think anyone has ever written to you that we forbid you to write this or that. You can also:
- swear at, or insult readers or contributors
- write in bold high caps letters
- point fingers at bad $maintainer and say he is an incompetent
- say that all members of the $team are incompetent as well and don't understand any point of a discussion
- etc.

(please don't write back that I'm saying you do, I'm just stating that you CAN if you want to, I'm not saying something else.)

But "allowed" doesn't mean that this is the right thing to do.

> About bug #516394 - it cannot be patched, as nothing is broken.

Oh, that's what I thought. I read the bug report, and remembered that djbdns was one of the very few resolvers that wasn't affected by the poisoning issue when it was discovered. I'm not sure though, I didn't read so much about it.

But you know, over the years, software from DJB has gained a very bad reputation in Debian, mainly because of Qmail, which had many flaws (like deferred bounce messages), because DJB refused to ship it in an open way which prevented Debian from shipping it in main (it was in non-free for a long time) and that didn't get attention from its author who behaved in a non-responsive, non-responsible manner to the issues. So it's not surprising at all to see that the software received the same careless support from the security team, which is very busy, and lacks manpower.

Yes, it's a shame. Yes, it should have been better. Luckily, it's not like that in all areas of Debian. And anyway, you can make a big list of issues in Debian, there's lots of them, for sure. But shouting about them and pointing fingers is pointless, it won't solve issues.

> A package maintainer had enough time to convince the Security Team they
> are wrong. But it fits in the point e) - it requires strong effort, as
> the Security team seems to be immune to arguments, similar to most
> of the discussants in this thread.
>

I agree that the security team isn't as efficient as it should be (in fact, in a way, it never will be, as any given minute a security issue isn't addressed, there are consequences), but that's mainly because of a lack of manpower. Again, you are free to contribute and change things, I'm 100% sure that the security team will be happy to receive help (they always do)!

Thomas

