Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Steinar H. Gunderson [EMAIL PROTECTED] wrote: On Thu, Sep 14, 2006 at 12:15:43AM -, Thomas Dickey wrote: Martin Schulze has been told more than once that this was not an OpenBSD patch. Could you please tell me why this is such a huge deal? hmm. I'm given to understand that you don't get annoyed when people are (to be generous) careless with their descriptions of security-related issues. I could understand a certain annoyance, but yelling at them and calling their actions âmaliciousâ on public mailing lists seems a bit... overblown for misattributing a patch to lynx. As I noted, he's had 4 months to fix the problem, after acknowledging it. Perhaps he's too busy to do a competant job, and should be replaced. -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Steinar H. Gunderson [EMAIL PROTECTED] wrote: On Thu, Sep 14, 2006 at 12:15:43AM -, Thomas Dickey wrote: Martin Schulze has been told more than once that this was not an OpenBSD patch. Could you please tell me why this is such a huge deal? hmm. I'm given to understand that you don't get annoyed when people are (to be generous) careless with their descriptions of security-related issues. I could understand a certain annoyance, but yelling at them and calling their actions âmaliciousâ on public mailing lists seems a bit... overblown for misattributing a patch to lynx. hmm - if it were only one instance, you might have a point. But it's not. If he's not malicious, the other rule applies (not compentant). Take your pick. I don't care, would not have anything to do with Debian if the package maintainers did this poorly. bye -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
On Thu, Aug 31, 2006 at 08:20:14AM +0200, Martin Schulze wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 13 May 2006 07:47:40 +0200 Source: lynx Binary: lynx Architecture: source i386 Version: 2.8.5-2sarge2 Distribution: stable-security Urgency: high Maintainer: Martin Schulze [EMAIL PROTECTED] Changed-By: Martin Schulze [EMAIL PROTECTED] Description: lynx - Text-mode WWW Browser Changes: lynx (2.8.5-2sarge2) stable-security; urgency=high . * Non-maintainer upload by the Security Team * Added OpenBSD patch to fix infinete loop rendering broken HTML [debian/patches/04_CVE-2004-1617.dpatch] Martin Schulze has been told more than once that this was not an OpenBSD patch. After the second time, there is no plausible excuse. Do you have an excuse? -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net pgpMDsLV3pPby.pgp Description: PGP signature
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Thomas Dickey wrote: Date: Sat, 13 May 2006 07:47:40 +0200 [...] After the second time, there is no plausible excuse. Do you have an excuse? Why do you ask if you know there isn't? Hint: You could always look at the date of the actual update. Maybe you just file a minor bug, that would help people noticing and correcting the error. Kind regards T. -- Thomas Viehmann, http://thomas.viehmann.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
On Wed, Sep 13, 2006 at 02:46:56PM +0200, Thomas Viehmann wrote: Thomas Dickey wrote: Date: Sat, 13 May 2006 07:47:40 +0200 [...] After the second time, there is no plausible excuse. Do you have an excuse? Why do you ask if you know there isn't? Because Martin's actions are malicious. He was told about this when _he_ put out an OpenBSD patch fix, then shortly afterwards wrote two more announcements. Hint: You could always look at the date of the actual update. Maybe you just file a minor bug, that would help people noticing and correcting the error. It's already in the changelog. -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net pgpj7TRm9xmjM.pgp Description: PGP signature
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Thomas Viehmann [EMAIL PROTECTED] wrote: Thomas Dickey wrote: Date: Sat, 13 May 2006 07:47:40 +0200 [...] After the second time, there is no plausible excuse. Do you have an excuse? Why do you ask if you know there isn't? Hint: You could always look at the date of the actual update. You mean that re-issuing an incorrect announcement allows you to use the same excuse(*) as before? (*) an excuse which would go along the lines of I found this patch on someone else's ftp area, so I'll ignore your comments and changlog and assume they wrote the code since I want to say nice things about them -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Thomas Dickey [EMAIL PROTECTED] writes: On Wed, Sep 13, 2006 at 02:46:56PM +0200, Thomas Viehmann wrote: Thomas Dickey wrote: Date: Sat, 13 May 2006 07:47:40 +0200 [...] After the second time, there is no plausible excuse. Do you have an excuse? Why do you ask if you know there isn't? Because Martin's actions are malicious. He was told about this when _he_ put out an OpenBSD patch fix, then shortly afterwards wrote two more announcements. Hint: You could always look at the date of the actual update. Maybe you just file a minor bug, that would help people noticing and correcting the error. It's already in the changelog. He can fix a previous entry and cite it in next version. -- O T A V I OS A L V A D O R - E-mail: [EMAIL PROTECTED] UIN: 5906116 GNU/Linux User: 239058 GPG ID: 49A5F855 Home Page: http://www.freedom.ind.br/otavio - Microsoft gives you Windows ... Linux gives you the whole house. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Otavio Salvador [EMAIL PROTECTED] wrote: He can fix a previous entry and cite it in next version. Perhaps 4 months is too short a time for him to correct it. -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
On Wed, Sep 13, 2006 at 08:26:09AM -0400, Thomas Dickey wrote: Martin Schulze has been told more than once that this was not an OpenBSD patch. After the second time, there is no plausible excuse. Do you have an excuse? Could you please tell me why this is such a huge deal? /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
Steinar H. Gunderson [EMAIL PROTECTED] wrote: On Wed, Sep 13, 2006 at 08:26:09AM -0400, Thomas Dickey wrote: Martin Schulze has been told more than once that this was not an OpenBSD patch. After the second time, there is no plausible excuse. Do you have an excuse? Could you please tell me why this is such a huge deal? hmm. I'm given to understand that you don't get annoyed when people are (to be generous) careless with their descriptions of security-related issues. In that case, I don't know how to explain it... bye -- Thomas E. Dickey http://invisible-island.net ftp://invisible-island.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Accepted lynx 2.8.5-2sarge2 (source i386)
On Thu, Sep 14, 2006 at 12:15:43AM -, Thomas Dickey wrote: Martin Schulze has been told more than once that this was not an OpenBSD patch. Could you please tell me why this is such a huge deal? hmm. I'm given to understand that you don't get annoyed when people are (to be generous) careless with their descriptions of security-related issues. I could understand a certain annoyance, but yelling at them and calling their actions “malicious” on public mailing lists seems a bit... overblown for misattributing a patch to lynx. /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]