[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: The New Security Build Infrastructure

On Wed, Jun 19, 2002 at 09:13:47PM +1000, Jason Thomas wrote:
> On Wed, Jun 19, 2002 at 06:12:59PM +1000, Anthony Towns wrote:
> > On Wed, Jun 19, 2002 at 10:04:35AM +0200, Florian Weimer wrote:
> > > > This is the way it is with security, it is that way for some very good
> > > > reasons.
> > > It's the current way with security, and this way is fundamentally
> > > flawed.  
> > Life is fundamentally flawed, big deal. Do you have an alternative that
> > protects our users from attacks at least as well as the current system
> > does, or are you just another one of the idiots who thinks this sort of
> > unproductive nonsense is "contributing" somehow?
> So if practice does not match policy one should change.

Popular meme, that; but being popular doesn't make it right.

We've got a fairly simple choice, we can either spend all our time
fighting about whether a pedantic and annoyed reading of every document
we produce matches precisely with what we do at all times, or we can
get on with our lives and produce the best operating system we can.

Do you want to do things differently? If so, stop talking around the
point and tell us how you'd do things differently and show that it's
clearly better than the way we currently do things. If not, stop talking
around the point, and say exactly what you'd like said differently, and
why the changes you want made are important enough to make the effort.

Have you read the social contract, btw? It says:

	3. We Won't Hide Problems

	We will keep our entire bug-report database open for public view
	at all times. Reports that users file on-line will immediately
	become visible to others.

The heading that you claim to be misunderstanding seems pretty well
explained by the text underneath to me.

But again, the things that make Debian better are better software and
the tools and processes leading to that. Tweaking the language in the
social contract seems to me to have remarkably little to do with that.


Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

     ``BAM! Science triumphs again!'' 
                    -- http://www.angryflower.com/vegeta.gif

Attachment: pgpySGaSzRh_c.pgp
Description: PGP signature

Reply to: