Le jeu 13/02/2003 à 17:52, Anthony Towns a écrit : > On the other hand, this makes no sense at all. The package doesn't have > intractable security holes, or license problems, and the bugs that've > gotten us into this mess are all trivial to fix. But the upstream maintainer has proven to be untrustworthy. I think it is a good reason enough to avoid software he maintains and consider it as unsuitable for Debian. > (a) avoiding packages that've been trojaned upstream entering > Debian, either through a Debian maintainer or via the > sponsorship system? You cannot ask the maintainers to review every single line of upstream code, especially when it is moving fast (I don't know whether it is the case for micq). Or else, we will have to seriously decrease the number of packages we provide. > (b) how to best interact with upstream maintainers that can get > exceedingly obnoxious? The author can be obnoxious without trojaning the code. This is a different matter. -- .''`. Josselin Mouette /\./\ : :' : josselin.mouette@ens-lyon.org `. `' joss@debian.org `- Debian GNU/Linux -- The power of freedom
Attachment:
signature.asc
Description: PGP signature