Eduard Bloch wrote: > #include <hallo.h> > * Craig Dickson [Thu, Feb 13 2003, 11:27:04PM]: > > > Debian maintainer typically did it (without any defined value for > > EXTRAVERSION, against upstream's clearly-expressed wishes), when run by > > Something that could be handled sanely inside of the developers > community. He tried. He used the BTS, he used email, and there was recently a discussion of it here on debian-devel (though if that discussion post-dates the release of the code that has everyone so upset, then it doesn't really count; I'm not quite clear on exactly when the nasty code was released). His next step should probably have been to take it to the Technical Committee, but apparently he either wasn't aware of that option or was too frustrated with the situation to wait for however long that might take to get a resolution. I don't condone his choice, but I understand the frustration. > > were somehow compromising the security of the end user's machine (it > > wasn't), nor to call it a "trojan", as if it were sneakily doing > > something behind the end user's back (it wasn't; the refusal to run is > > Maintainer isn't a user? When the maintainer is packaging the software, he is not acting as an end-user. He may also be an end-user, but that's a separate role which applies when he is actually _using_ the software, not _packaging_ it. > A software that expires silently (read: same > thing as bad shareware does) on certain systems is not trojaned? IMHO > this is something violation DSFG in the first line. You mean the non-discrimination clause? I believe that applies to the license under which the code is released, not the code itself; and in any case the Debian maintainer could have avoided the whole problem by simply supplying a value for the EXTRAVERSION variable, as upstream had been requesting. When that variable is defined, the program functions normally. Also note that the program does not fail on certain _systems_ -- you can download Ruediger's own .deb package, built from exactly the same source code, and it will function normally. It is only the official Debian _package_ that doesn't work (regardless of what system it's running on), and only because the Debian maintainer persisted in not doing a simple thing that upstream had requested (defining the EXTRAVERSION variable). Again, I don't condone Kuhlmann's action; I just think the seriousness of the problem is being blown horribly out of proportion. Craig
Attachment:
pgpYWQ34ugc5s.pgp
Description: PGP signature