Re: Packages removed from frozen
>>"David" == David Starner <dvdeug@x8b4e53cd.dhcp.okstate.edu> writes:
>>
>> I am tempted to say, Horse puckey. I never say that gcc was
>> the only program that should qualify.
David> "gcc would be something that I would be willing to give special
David> dispensation for . . . However, this is not a dispensation that
David> should be lightly given. Bootstrapping from scratch should be
David> kept to ... the build essentials."
David> ^^^^^^^^^^^^^^^^^
David> Close enough.
In your mind.
I still say the dispensation should not be lightly given -- it
should only be given where strictly necessary. I have, however,
amended my stance about restricting it to build depends (not that
there was any attempt at dialogue -- people must reaaaaly like flame
fests here).
Rather than jumping on details, did you even try to see if
something workable could be wrought out of this? Hell, no.
>> You must be imagining things. Who talked about throwing the
>> code out by default? I talked about having the package maintainers
>> ask for dispensation, to ensure that the packages are not putting in
>> self dependencies for convenience.
David> ~ $ fgrep -i ask original_message
David> ~ $
English might not be your first language, so this is
forgivable. How the hell did you think the dispensators knew how to
give a dispensation? Telepathy?
Or you just spoiling for a fight?
>> Brushing such potential security risks is a really bad idea,
>> and I am appalled that people are opposed to documenting these
>> packages in a well known place.
David> ~ $ fgrep -i doc original_message
David> A bug in the code is worth two in the documentation.
David> ~ $
Right. You really need things spelled out for you. Anyway, the
impression that people wanted to just sweep things under the rug
developed from the responses to my proposal (a lot of which were knee
jerk responses, somewhat like this one, where the author decided to
disagree and reached for a flame thrower before partaking in a
rational discourse).
I can do that too.
I posit that my stating that dangerous packages should be
restricted to build essentials already requires documentation -- and
I am now convinced that perhaps a separate class of packages apart
from build essentials is required, but
David> No one's opposed to documenting these packages, but it doesn't
David> really matter to most of us.
That has been eminently clear. However, I suggest that the
project give two hoots about security.
As to my giving the dispensation for gcc; I have already
ensured (through using several non-Linux platforms to compile gcc)
that the trojan in the binary trick does not exist; and therefore any
trojans would have to be present in the source code.
manoj
gearing up to the inevitable flamefest
--
If a subordinate asks you a pertinent question, look at him as if he
had lost his senses. When he looks down, paraphrase the question
back at him.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C