Re: Packages removed from frozen

>>"Craig" == Craig Brozefsky <craig@red-bean.com> writes:

 Craig> Manoj Srivastava <srivasta@debian.org> writes:
 Craig> I think that removing packages for this would be ludicrous.
 >> Really? Difficult, maybe, politically hard, maybe. but
 >> ludicrous? That's very narrow minded of you.

 Craig> No, ludicrous still.

        Fine you find my security concern ludicrous (is it so hard to
 document potential security problems?), I find your devil may care
 attitude about security appalling.

        And, since you are not reading what I write anyway (I have
 never said we throw anything out), there is no point in this

        When you calm down, and can have an adult discussion again,
 let me know. 

 Craig> Not politically hard, politically impossible.
 Craig> Not difficult, impossible.  Ludicrous because it's like biting our
 Craig> nose off to spite our face.  There are so many circular dependencies
 Craig> in the build process that taking out packages that depend on
 Craig> themselves will accomplish nothing as far as making Debian buildable
 Craig> from nothing but source.  Ludicrous because it basically cuts out all
 Craig> packages that are developed in a rather common pattern;
 Craig> self-bootstrapping compilers and systems are considered elegant by
 Craig> many, especially language designers.

 Craig> Why another list when Build-Depends does this already?

        Does what? Every package has a build depends. How does that
 tell me that some 40 odd packages out of a few thousand have security

 Craig> Your security argument is a strawman.  The source code is still there,
 Craig> and the binaries are signed by a Debian maintainer.

        You have, obviously, no background in security.

        There have been trojans propagated in binaries which depended
 on themselves without ever appearing in source code. 

        Strawman, my foot.

        And the Debian maintainer may have no more experience in
 security matters than the average person, and, looking at the
 responses on this thread, may not even be aware of the risks.

        The special procedure could document whatever security measures
 were taken to audit the code, if any.

 Craig> No more threat than any other package in Debian.  One could

        You have no idea what you are talking about. I'm sorry, but
 you are letting your inexperience show; there is a difference, unless
 extra steps are taken to break the loop manually.

 Craig> I'm not worried that this would ever be accepted, so except for
 Craig> dogging your butt and making life hell for you I'll drop out!  No,
 Craig> just kidding Manoj, I have no intention of dogging you or anyone else
 Craig> actually, as that would also be ludicrous 8^)

        That has not stopped you so far.

 The older you get, the better you realize you were. George Carlin
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C
