[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: NMU'ing for wishlist bugs? (aka: intent to NMU bind9)

On Tuesday 10 September 2002 12:14, Andres Salomon wrote:
> It's been over 3 months since I submitted a patch for bind9, to
> implement named running as a non-root user by default (#149059).  I
> tested the patch, and hoped to get some feedback (_any_ real feedback)
> from the maintainer; I have not gotten any.  So, unless anyone has some
> serious objections, I will NMU bind9.  It is embarrassing that we still,
> to this day, ship a bind9 package that runs as root by default
> (especially given bind's track record, wrt security).
> On a related note, with the new NMU policies set in place during woody's
> freeze, how are NMU's that fix wishlist bugs viewed?  I would expect
> that they'd be frowned upon, unless they add an important/heavily
> desired feature, and don't break anything.. but I figured I'd ask, just
> to clarify (as this isn't the only wishlist patch of mine that's being
> ignored by the maintainer..).

In my view NMU'ing for a wishlist should not occur.  If the problem is really 
one of security and the way bind is shipped right now is directly, currently 
dangerous then this is more like a normal -> important bug.  On the other 
hand if this is simply how you would like to see things done perhaps the 
maintainer understands the situation better.

Second guessing an active maintainer should be avoided.  bind9 happens to be 
packaged by someone whose opinion many of us trust and is an active developer 
so perhaps we should wait and hear his side of the story.

Reply to: