[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netscape security hole



Marko Cehaja wrote:
> Dear friend,
> 
> On Thu, Aug 10, 2000 at 02:56:03PM -0400, Mike Werner wrote:
> > > > format, but written by someone else.  So now I'm curious as to just what it
> > > > takes to be considered to exist as part of Debian?
> > > 

Some interesting editing you did here ...

> > > Please read the Debian Social Contract policy:
> > > http://www.debian.org/social_contract

Let's put this line back in, since it's what I was referring to.
http://www.debian.org/distrib/packages
> > I went and looked at that page, and lo and behold there's a whole slew of
> > Netscape packages.  Just like the ones I've used to install Netscape onto my
> > systems.  Oh, wait a minute.  Those *are* the packages I used.
> 
> You didn't read the social contract and I consider this childish, that you
> even reply before that.

Yes, I did.  Accusing me of not reading it when you actually don't have the
slightest clue as to whether I did or not is childish.

> Quote from the social contract: We acknowledge that some of our users
> require the use of programs that don't conform to the Debian Free Software
> Guidelines. We have created "contrib" and "non-free" areas in our FTP
> archive for this software. The software in these directories is not part
> of the Debian system
> 
> Can you spot that sentence "is not part of the..."?

Uhh, gee that's a hard one.  I'll guess ... the last one?

Seems a load of double talk.  If something is not part of Debian, why make
it available?  Why not just stick with an installation package like is used
for RealPlayer?

> It doesn't mean if you find on debian servers some software, that it
> immediately belongs to Debian OS. There is so much software that work on
> Debian and is not Debian.
> 
> I hardly suggest you, that you read that social contract.

I already did.

> > > If Netscape *would* exist in Debian, you would almost immediately find the
> > > security alert on Debian site, first page.
> > 
> > I've received a number of recent security announcements via email
> > (debian-security-announce email list) that have not appeared on that page. 
> > Seems that Security blurb there isn't very up to date.
> 
> Please don't change my words.

I didn't.  I am pointing out that the Security announcement on the main
Debian page - the one that you pointed to as "evidence" - is out of date. 
Therefore, the non-appearance of a security notice there is meaningless.

> I told you if Netscape would be part of Debian OS,
> that would be reported.

And I pointed out why your explanation of an announcement on the Debian home
page was not necessarily correct.

> If you see something which is wrong about security, report it by yourself.

If I do, I will.

> > No, you don't.  Netscape has been packaged for Debian, in debs, available
> > straight from the Debian ftp server.  That pretty much meets the test for
> > existance in my book.
> 
> Using apt-get doesn't ensure at all that you use Debian OS. I have in my
> /etc/apt/sources.list couple of third party references. That doesn't mean
> I get Debian OS.

So do I.  The one I use the most is Helix Gnome.  Since it *did* come from
outside of Debian, I do not consider it as part of Debian.  Packages that
*did* come from the Debian site I do consider part of Debian.

> Please install the Virtual Mr. Richard Stallman on your system, the package
> is called vrms. Run it, and it will tell you pretty much, which packages
> are you running with licences which are not acceptable in Debian OS.

I've got it installed.  ::shrug::  Seems pretty useless.

> It is not fool-proof. Netscape and hundreds of other non-free programs,
> aren't part of Debian.

And I'll ask again, why does Debian make it available off of their server,
already prepackaged?  Why not go with an installation package as used for
RealPlayer?  That should satisfy both the zealots and the realists.  It
seems to have worked with RealPlayer.

(Yes, I know I keep going baclk to RealPlayer as an example, but it's the
*one* package I've installed in that manner.  And it worked just fine.)

> > ii  netscape-base-47 4.73-19          4.73 base support for netscape
> > ii  netscape-java-47 4.73-19          Netscape Java support for version 4.73
> > 
> > hey, wait a minute!  How'd Netscape get into that list?!?  It can't do that! 
> > It's not part of Debian! 
> 
> Go and inform yourself what Debian is. Spare me of your irony.

Aww, don't you like it? ::grin::
-- 
Mike Werner  KA8YSD   | He that is slow to believe anything and
                      | everything is of great understanding,
'91 GS500E            | for belief in one false principle is the
Morgantown WV         | beginning of all unwisdom.



Reply to: