
Stop reporting non-bugs as bugs!

There are a number of non-bugs reported as bugs in cfingerd (see
http://www.debian.org/Bugs/db/pa/lcfingerd.html).  All were reported
by jbj@image.dk.

One thing that REALLY bothers me is that each bug he reported contains 
this at the end:

"This message is hastily written . . . Its contents may be
deliberately or accidentally untrue."

Deliberately untrue???  When reporting a bug?

Now let me say that I have no problem with people reporting bugs that
they encounter.  However, I DO have a problem with people reporting
bugs that they have NEVER encountered (see #24902, he never actually
tried upgrading it but claimed it didn't work) or bugs that may
THEORETICALLY exist after examining the source but may not really
exist.  I feel that this is what has been happening here.

One other thing -- bugs he reported are the only things holding up
hamm -- yet they may be "untrue".  This sounds very suspicious to me.
On the one labeled "Critical", he even refuses to give any details.

Now let's take a look at most of the other bugs:

Let's cover them.


  The submitter complains that all users can be listed using
  documented features.

  OF COURSE THEY CAN.  This is what finger is supposed to do!

  The rest of the problems mentioned offer no justification
  or confirmation of the problem or cases where it is encountered.


  The submitter complains that cfingerd ignores an
  existing config file on upgrade.

  This is totally false.  cfingerd's preinst detects an existing
  config file in the old location if doing an upgrade.



  The submitter complains that cfingerd reveals Debian version.

  * So does Apache
  * And boa
  * and sendmail
  * and uname
  * and more...

  This is NOT a bug.  I fail to understand how it could even
  be remotely construed as such.

#24908 complains that cfingerd runs programs from path.

  This is not a problem because cfingerd is started from inetd in
  Debian, so the path is KNOWN GOOD.

#24909 complains that cfingerd reveals it is cfingerd.

  So what?  And it's hardly a "back door" as the submitter reports.

  Most daemons reveal their name and version number.

#24899 complains that the configuration refuses connections from
       machines with no identd.

  Not a bug.  Modify the configuration.

#24897 has changes to documentation.  Not a bug.  Send it upstream.

Now then, that leaves two bugs that may indeed be serious (one of
which doesn't have any useful information in it, the other seems to
have a misunderstanding of the setuid mechanism) and one or two that I 
skipped because I'm not familiar enough with cfingerd's extra features 
to comment.

I do not mind, and indeed ENCOURAGE, the submission of bugs that
really are bugs (as the claimed buffer overflow would be).  However, I 
DO mind when people submit numerous non-bugs.  

John Goerzen   Linux, Unix consulting & programming   jgoerzen@complete.org |
Developer, Debian GNU/Linux (Free powerful OS upgrade)       www.debian.org |
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org
