[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Proposal for removal of mICQ package

Anthony Towns <aj@azure.humbug.org.au> writes:

> So, basically, what you're saying is that you uploaded a package to Debian
> that included some malicious and obfuscated code from upstream, that
> neither you nor your sponsor (Joerg Jaspert according to the signature
> on the .changes; who appears to be Ruediger's AM too) spotted. The code
> in question, for those playing along at home, is (with minor reformatting
> to fit into 80 cols):

Yes, i havent looked at the source of micq. At least not long enough to
find such things. Thats too much if i would do that for every
I look thoroughly at everything in debian/* and take a quick look at
the rest, but nobody can request a code inspection for every line of it.
I then test the deb and look if everything is fine. If its a new
sponsoree for me i normally test the app again, but i havent done here
(i dont use micq and i dont find it useful...).
(Madkiss should have done that...)

Just for the record. :)

bye Joerg
<Christian> bignachos: the famous pornview maintainer?
<HoserHead> Christian: *don't* ask why he's typing so slowly
<bignachos> hey, at least i thoroughly test my packages

Attachment: pgpfMk_XwZHlw.pgp
Description: PGP signature

Reply to: