Both sides have valid points:
1) we should remove vulnerable cruft from the tree
2) we should not break dependencies for any arch, regardless of their
response time
I believe some communication adjustments could avoid unnecessary conflict.
If a package cannot be removed because a newer version
On Sun, 2007-11-02 at 22:46 +, Stephen Bennett wrote:
> On Sun, 11 Feb 2007 22:23:44 +0100
> Jakub Moc <[EMAIL PROTECTED]> wrote:
>
> > Oh sure... Next time, blame me for Sept 11, keep amusing us by your
> > bullshit.
>
> If you like, I can say that you killed Jesus and were single-handedly
>
Stephen Bennett wrote:
On Sun, 11 Feb 2007 22:23:44 +0100
Jakub Moc <[EMAIL PROTECTED]> wrote:
Oh sure... Next time, blame me for Sept 11, keep amusing us by your
bullshit.
If you like, I can say that you killed Jesus and were single-handedly
responsible for the extinction of the dinosaurs. W
On Sun, 11 Feb 2007 21:52:55 +0100 Matti Bickel <[EMAIL PROTECTED]> wrote:
| How about cc'ing arches, which are affected by this? You still get
| your point across and maybe arches move it up their priority list if
| they see a removal "b/c of centuries old vulnerabilities".
How about assigning th
On Sun, 11 Feb 2007 22:23:44 +0100
Jakub Moc <[EMAIL PROTECTED]> wrote:
> Oh sure... Next time, blame me for Sept 11, keep amusing us by your
> bullshit.
If you like, I can say that you killed Jesus and were single-handedly
responsible for the extinction of the dinosaurs. Would that make you
happ
Matti Bickel napsal(a):
> How about cc'ing arches, which are affected by this? You still get your
> point across and maybe arches move it up their priority list if they see
> a removal "b/c of centuries old vulnerabilities".
I did CC mips, and did write that it needs version x.y.z stabilized
first
Ciaran McCreesh napsal(a):
> On Sun, 11 Feb 2007 21:33:59 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
> | So, what are you blaming me for here? Grrr.
>
> Misassigning or premature filing, as you prefer.
Oh sure... Next time, blame me for Sept 11, keep amusing us by your
bullshit.
--
Best regard
On Sun, 11 Feb 2007 19:50:02 +0100
Jakub Moc <[EMAIL PROTECTED]> wrote:
> Won't waste my time on your trollish rants any more.
Hehe, whenever you write this, there's always several more posts from you down
the same thread. It's kind of amusing.
--
Andrej "Ticho" Kacian
Gentoo Linux Developer -
Jakub Moc <[EMAIL PROTECTED]> wrote:
> Ciaran McCreesh napsal(a):
> > | Screaming? WTF really. What's misleading about listing vulnerable
> > | versions and asking for their removal?
> >
> > They can't be removed yet. Stop filing bugs telling people to do so.
>
> Eh? Why should I stop filing bugs
On Sun, 11 Feb 2007 21:33:59 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
| So, what are you blaming me for here? Grrr.
Misassigning or premature filing, as you prefer.
--
Ciaran McCreesh
Mail: ciaranm at ciaranm.org
Web : http://ciar
Alexander Færøy napsal(a):
> Hi,
>
> On Sun, Feb 11, 2007 at 07:50:02PM +0100, Jakub Moc wrote:
>> Eh? Why should I stop filing bugs about stale vulnerable cruft? Should
>> it stay in the tree forever (unless some $we_all_know_which_arch dev
>> wakes up by miracle and moves)?
>
> If you give away
Hi,
On Sun, Feb 11, 2007 at 07:50:02PM +0100, Jakub Moc wrote:
> Eh? Why should I stop filing bugs about stale vulnerable cruft? Should
> it stay in the tree forever (unless some $we_all_know_which_arch dev
> wakes up by miracle and moves)?
If you give away enough usable information, then sure.
On Sun, 11 Feb 2007 19:50:02 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
| Ciaran McCreesh napsal(a):
| > | Screaming? WTF really. What's misleading about listing vulnerable
| > | versions and asking for their removal?
| >
| > They can't be removed yet. Stop filing bugs telling people to do so.
|
Ciaran McCreesh napsal(a):
> | Screaming? WTF really. What's misleading about listing vulnerable
> | versions and asking for their removal?
>
> They can't be removed yet. Stop filing bugs telling people to do so.
Eh? Why should I stop filing bugs about stale vulnerable cruft? Should
it stay in th
On Sun, Feb 11, 2007 at 05:40:27PM +, Ciaran McCreesh wrote:
> On Sun, 11 Feb 2007 18:30:43 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
> | - I'm *not* demanding anything from *arch teams*, the bugs are for
> | *maintainers* of those packages. I've already told you couple of
> | times, why are y
On Sun, 11 Feb 2007 18:49:21 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
| Why should I assign bugs to arch teams??? Arch teams are not supposed
| to punt stuff from the tree, it's maintainer's job.
Because the arch teams have to do work before the maintainers can do
anything.
| > *All* the recent
Ciaran McCreesh napsal(a):
> On Sun, 11 Feb 2007 18:30:43 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
> | - I'm *not* demanding anything from *arch teams*, the bugs are for
> | *maintainers* of those packages. I've already told you couple of
> | times, why are you making these misleading statements
On Sun, 11 Feb 2007 18:30:43 +0100 Jakub Moc <[EMAIL PROTECTED]> wrote:
| - I'm *not* demanding anything from *arch teams*, the bugs are for
| *maintainers* of those packages. I've already told you couple of
| times, why are you making these misleading statements yet again?
And yet, somehow develo
Ciaran McCreesh napsal(a):
> | > * Don't remove packages that will end up breaking the tree or
> | > forcing downgrades; conversely, when vulnerable packages *can* be
> | > removed safely, do so.
> |
> | And is/should be done right now :-)
>
> No, what's done right now is that Jakub files whiny
On Sun, 11 Feb 2007 17:18:45 +0100 Matti Bickel <[EMAIL PROTECTED]> wrote:
| And i understood he argued quite the opposite. To my knowledge the
| security team p.masks "common" (type A and B) packages, and i'm sure
| they don't do this for nothing, though i agree that probably should be
| left for
Ciaran McCreesh <[EMAIL PROTECTED]> wrote:
> On Sun, 11 Feb 2007 15:42:33 +0100 "Kevin F. Quinn" wrote:
> | I said nothing about local denial of service; perhaps you're thinking
> | of a particular instance - I'm not. To rhetorically follow your line
> | of discussion, you're happy to have remote
On Sun, 11 Feb 2007 15:42:33 +0100 "Kevin F. Quinn"
<[EMAIL PROTECTED]> wrote:
| I said nothing about local denial of service; perhaps you're thinking
| of a particular instance - I'm not. To rhetorically follow your line
| of discussion, you're happy to have remote exploits remain in the tree
| (
On Sun, 11 Feb 2007, Kevin F. Quinn wrote:
> I think if we're to promote packages that have security issues on an
> arch, we need to be very clear that we're not making reasonable efforts
> to ensure that arch is free of known exploits.
>
I agree. The term "promote" is perhaps a little bit exagg
On Sun, 11 Feb 2007 12:33:52 +
Ciaran McCreesh <[EMAIL PROTECTED]> wrote:
> On Sun, 11 Feb 2007 13:22:48 +0100 "Kevin F. Quinn"
> <[EMAIL PROTECTED]> wrote:
> | Do you object to such packages (specifically with security issues)
> | being p.masked?
>
> If it's forcing a downgrade, yes.
>
> | I
On Sun, 11 Feb 2007 07:56:29 -0500
Mike Frysinger <[EMAIL PROTECTED]> wrote:
> wonder if there'd be a way of levaraging the glsa tags ...
>
> if ("remote" in ) screw over $ARCH in KEYWORDS
> -mike
If it's a security-unsupported arch we probably don't even care about
that enough to lose keywords
On Sunday 11 February 2007, Ciaran McCreesh wrote:
> On Sun, 11 Feb 2007 13:22:48 +0100 "Kevin F. Quinn"
> | I'm not sure we should be encouraging people to continue using
> | packages when we know there are known security issues.
>
> You assume that being affected by a local denial of service on a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Kevin F. Quinn wrote:
> Do you object to such packages (specifically with security issues) being
> p.masked?
I'd say drop all but the "slacking" arch's keywords, as Luca suggested.
It may well be one of the security-unsupported arches anyway.
- --
Vla
On Sun, 11 Feb 2007 13:22:48 +0100 "Kevin F. Quinn"
<[EMAIL PROTECTED]> wrote:
| Do you object to such packages (specifically with security issues)
| being p.masked?
If it's forcing a downgrade, yes.
| I'm not sure we should be encouraging people to continue using
| packages when we know there ar
On Thu, 8 Feb 2007 22:34:32 +
Stephen Bennett <[EMAIL PROTECTED]> wrote:
> If any of you were thinking of removing the latest stable version of a
> package, don't. Even if you're the package maintainer, even if there
> are open security bugs against it, even if someone has filed you a bug
> re
If any of you were thinking of removing the latest stable version of a
package, don't. Even if you're the package maintainer, even if there
are open security bugs against it, even if someone has filed you a bug
requesting that it be removed. If it's the latest stable version on any
architecture, yo
30 matches
Mail list logo
