
Bug#841294: Overrule maintainer of "global" to package a new upstream version



On Thu, Dec 08, 2016 at 06:24:32PM +0100, Didier 'OdyX' Raboud wrote:
> On Thursday, 8 December 2016, 18.14:12 h CET Tollef Fog Heen wrote:
> > Using open like in the code snippet above is pretty much inexcusable in
> > this day and age.
> 
> Fair enough, thanks for the explanation.
> 
> Ron: could you point us to your report of this problem to the upstream 
> bugtracker or list? What was the answer you got?

I didn't audit that code exhaustively when Punit proposed uploading it,
there were already enough things obviously wrong with what he was
suggesting to go through all of it with a fine-toothed comb to find more
before he'd shown any interest in addressing the first lot.

But it stood out like a sore thumb when I was fact checking the answer
to Phil's question about the CGI being a hopeless case, to be sure that
my answer was as accurate as possible over the range of changes that
have happened to it.

It certainly seems like something that anyone professing that they
should be trusted to maintain this probably should have been looking
at when the red flags went up about upstream's idea of what is
adequately secure ...

