Re: Proposal for removal of mICQ package



On Thu, Feb 13, 2003 at 07:37:23PM +0100, Russell Coker wrote:
> > Personally, "drop any and all packages that these could affect" seems
> > like a pretty poor solution, both in that it loses the most functionality
> > of all possible solutions, and in that it can only be done after the fact.
> In any case we can't take action about something that hasn't happened.

Sure you can. The common term for doing that is "prevention". As in
"prevention is better than cure".

> As for losing the functionality, having a trojan horse in the distribution 
> (which is what mICQ is) is something we can't accept.

A trojan horse? It prints out something equivalent to "The Debian
developer sucks, use my .debs instead", and exits. It does so in a way
that's obfuscated. If it had been written as:

	long Feb11th = 1045000000;
	if (strcmp(me, "madkiss") == 0 && time(NULL) > Feb11th) {
		printf("Please don't use these debs, they're broken.\n");
		exit(99);
	}

would you still find it so offensive? Do you really think it's outside
the upstream author's authority to add if statements, printfs and exits
to his program? Or to have the considered opinion that the Debian package
is so broken, no one should use it?

As far as avoiding getting trojan horses in the distribution goes, isn't
that why we have maintainers?

Cheers,
aj

-- 
Anthony Towns <aj@humbug.org.au> <http://azure.humbug.org.au/~aj/>
I don't speak for anyone save myself. GPG signed mail preferred.

  ``Dear Anthony Towns: [...] Congratulations -- 
        you are now certified as a Red Hat Certified Engineer!''
