>> 1. You did apply a patch relating to security without an explicit ack
>> from upstream.
>> I hope it is clear from the recent OpenSSL debacle why this must not
>> be done.
> Sorry, but no, it isn't.

Julien, you're trolling. Among the DDs I know, you're one of the most
active in making sure your non-trivial changes end up upstream.

But I'll bite.

One of the reasons why Free software tends to be less buggy than
proprietary code is that it is done in public. A patch that goes into
a Free software project goes through a mailing list, then is reviewed
by the project's maintainers, then goes into a public VCS repository,
then is scrutinised by distribution packagers.

Not so a Debian patch. It is surreptitiously inserted into some
subdirectory of the debian/ directory of a Debian package, without
ever going through public review. In short, it is never scrutinised
by the proverbial many eyes that make all bugs shallow.

Let me restate this: debian/patches/ is a way for lazy maintainers to
short-circuit the proper patch submission procedures of an upstream
project. Proper procedure, as obeyed by quality DDs, among which
I count [EMAIL PROTECTED], is to go through the normal upstream
channels.

I hope this crosses the eyes and dots the tees.

Juliusz
_______________________________________________
Polipo-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/polipo-users