Re: Proposal for removal of mICQ package
On Thu, 13 Feb 2003 17:52, Anthony Towns wrote:
> > Additionally, I suggest to consider to add this piece of software to the
> > "unable to package" list.
> On the other hand, this makes no sense at all. The package doesn't have
> intractable security holes, or license problems, and the bugs that've
> gotten us into this mess are all trivial to fix. From what I've read of
> his posts, the upstream author doesn't even seem particularly unreasonable
> in any of his demands, or even particularly more obnoxious than various
> other people around the place.
I think that the action in question is much more obnoxious than most other
Consider the recent discussions about mplayer. The dispute that the mplayer
developers had with various Debian people was at least as severe as the mICQ
dispute. The mplayer developers appear to have the technical ability to do
the same things but decided not to. The difference is that the mplayer
developers although difficult to get along with are basically honest and
The mICQ actions are dishonest and not honorable, we have to consider what
such people might do next time. The example of "rm -rf" is far from a
hypothetical one, it's already happened before in a different context (DOS
BBS software that wanted to unlawfully uninstall itself if it thought that it
was being used for too long without shareware payments - the removal code was
buggy and cleaned out the hard drive).
If mICQ is packaged by someone else then the upstream will be rewarded for
their actions and encouraged to do such things again!
> Personally, "drop any and all packages that these could affect" seems
> like a pretty poor solution, both in that it loses the most functionality
> of all possible solutions, and in that it can only be done after the fact.
In any case we can't take action about something that hasn't happened. So
whenever an upstream developer does bad things it generally can't be
predicted (if it could then we should avoid the software).
As for losing the functionality, having a trojan horse in the distribution
(which is what mICQ is) is something we can't accept.
http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/ Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/ My home page