Stop reporting non-bugs as bugs!
There are a number of non-bugs reported as bugs in cfingerd (see
http://www.debian.org/Bugs/db/pa/lcfingerd.html). All were reported
One thing that REALLY bothers me is that each bug he reported contains
this at the end:
"This message is hastily written . . . Its contents may be
deliberately or accidentally untrue."
Deliberately untrue??? When reporting a bug?
Now let me say that I have no problem with people reporting bugs that
they encounter. However, I DO have a problem with people reporting
bugs that they have NEVER encountered (see #24902, he never actually
tried upgrading it but claimed it didn't work) or bugs that may
THEORETICALLY exist after examining the source but may not really
exist. I feel that this is what has been happening here.
One other thing -- bugs he reported are the only things holding up
hamm -- yet they may be "untrue". This sounds very suspicious to me.
On the one labeled "Critical", he even refuses to give any details.
Now let's take a look at most of the other bugs:
Let's cover them.
The submitter complains that all users can be listed using
OF COURSE THEY CAN. This is what finger is supposed to do!
The rest of the problems mentioned offer no justification
or confirmation of the problem or cases where it is encountered.

The submitter complains that cfingerd ignores an
existing config file on upgrade.
This is totally false. cfingerd's preinst detects an existing
config file in the old location if doing an upgrade.
DOING AN INSTALL IS NOT THE SAME AS DOING AN UPGRADE.

The submitter complains that cfingerd reveals Debian version.
* So does Apache
* And boa
* and sendmail
* and uname
* and more...
This is NOT a bug. I fail to understand how it could even
be remotely construed as such.

#24908 complains that cfingerd runs programs from path.
This is not a problem because cfingerd is started from inetd in
Debian, so the path is KNOWN GOOD.

#24909 complains that cfingerd reveals it is cfingerd.
So what? And it's hardly a "back door" as the submitter reports.
Most daemons reveal their name and version number.

#24899 complains that the configuration refuses connections from
machines with no identd.
Not a bug. Modify the configuration.

#24897 has changes to documentation. Not a bug. Send it upstream.

Now then, that leaves two bugs that may indeed be serious (one of
which doesn't have any useful information in it, the other seems to
have a misunderstanding of the setuid mechanism) and one or two that I
skipped because I'm not familiar enough with cfingerd's extra features
I do not mind, and indeed ENCOURAGE, the submission of bugs that
really are bugs (as the claimed buffer overflow would be). However, I
DO mind when people submit numerous non-bugs.
John Goerzen Linux, Unix consulting & programming email@example.com |
Developer, Debian GNU/Linux (Free powerful OS upgrade) www.debian.org |
Visit the Air Capital Linux Users Group on the web at http://www.aclug.org