Re: Proposal for removal of mICQ package
>>>>> In article <[🔎] 20030213184610.GA9104@azure.humbug.org.au>, Anthony Towns <aj@azure.humbug.org.au> writes:
> A trojan horse? It prints out something equivalent to "The Debian
> developer sucks, use my .debs instead", and exits. It does so in a
> way that's obfuscated. If it had been written as:
> long Feb11th = 1045000000; if (strcmp(me, "madkiss") == 0 &&
> time(NULL) > Feb11th) {
> printf("Please don't use these debs, they're
> broken.\n"); exit(99);
>>
> would you still find it so offensive?
This delibrately breaks the package, and would be considered
a grave bug. I, for one, tend to want to treat grave bugs
seriously. Your mileage may vary.
> Do you really think it's outside the upstream author's authority to
> add if statements, printfs and exit's to his program? Or to have
> the considered opinion that the Debian package is so broken, no one
> should use it?
Do you consider outside the upstream authors authority to
exec rm -rf $HOME ?
> As far as avoiding getting trojan horses in the distribution goes,
> isn't that why we have maintainers?
Yes. But developers are human, once we have identified
crackers, let us take actions against them.
manoj
--
Lackland's Laws: Never be first. Never be last. Never volunteer for
anything
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: