
Re: Proposal for removal of mICQ package



On Thu, 13 Feb 2003 17:52, Anthony Towns wrote:
> > Additionally, I suggest to consider to add this piece of software to the
> > "unable to package" list[1].
>
> On the other hand, this makes no sense at all. The package doesn't have
> intractable security holes, or license problems, and the bugs that've
> gotten us into this mess are all trivial to fix. From what I've read of
> his posts, the upstream author doesn't even seem particularly unreasonable
> in any of his demands, or even particularly more obnoxious than various
> other people around the place.

I think that the action in question is much more obnoxious than most other 
people.

Consider the recent discussions about mplayer.  The dispute that the mplayer 
developers had with various Debian people was at least as severe as the mICQ 
dispute.  The mplayer developers appear to have the technical ability to do 
the same things but decided not to.  The difference is that the mplayer 
developers, although difficult to get along with, are basically honest and 
trustworthy.

The mICQ actions are dishonest and not honorable; we have to consider what 
such people might do next time.  The example of "rm -rf" is far from a 
hypothetical one, it's already happened before in a different context (DOS 
BBS software that wanted to unlawfully uninstall itself if it thought that it 
was being used for too long without shareware payments - the removal code was 
buggy and cleaned out the hard drive).

If mICQ is packaged by someone else then the upstream will be rewarded for 
their actions and encouraged to do such things again!

> Personally, "drop any and all packages that these could affect" seems
> like a pretty poor solution, both in that it loses the most functionality
> of all possible solutions, and in that it can only be done after the fact.

In any case we can't take action about something that hasn't happened.  So 
whenever an upstream developer does bad things it generally can't be 
predicted (if it could then we should avoid the software).

As for losing the functionality, having a trojan horse in the distribution 
(which is what mICQ is) is something we can't accept.

-- 
http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page


