
Re: setuid/setgid binaries contained in the Debian repository.



Manoj Srivastava wrote:
> 	Policy can make it so that packages are not accepted into
>  Debian unless you hop through certain hoops. Like making sure the
>  upload has a signature. Or that it has an entry in the override
>  file.

No, those have nothing to do with policy and are implemented solely at
the ftp master's discretion. If I had intended to "gate" setuid binaries
from debian, I would have posted to debian-cabal, not debian-devel.

> 	Are you saying that the review was not discussed as a gating
>  mechanism? If that is the case, then I admit I, for one, was fooled.
> 
> Message-ID: <20030801151852.GB15502@alcor.net>
> Message-ID: <20030801153312.GA23610@uk.intasys.com>
>  >> All set[ug]id setups should be reviewed before they go into the
>  >> archive. 

Manoj, you have misquoted Matt here. After the word "archive", he put
not a period, but the rest of his sentence. If you read the whole thing:

  I absolutely support this idea.  All set[ug]id setups should be reviewed
  before they go in the archive, and I volunteer to do the review (though I
  hope that others will help).  Does this need a proposal to go into policy
  with the same force as the existing pre-depends verbiage?

Matt is here, I believe, expressing a heartfelt opinion that it would be
good for us to find security problems before they become *our* security
problems. Moreover he's volunteering to do work. If his use of "should"
was not satisfactory, well, he was not making a formal policy proposal
either. I'm willing to cut people who do work a lot more slack than those
who impede it.

> 	The idea is not to only be nice and friendly to yes men, but
>  also to be able to discuss rationally with people who do not share
>  your view, without bringing in ridiculously insulting strawmen like
>  hopping on one foot.

One of my rules of thumb is to stop replying to threads when my opponents
resort to terms they learned in debating class, or to misquoting, since
nothing good ever comes of it. Bye.

-- 
see shy jo
