Anthony Towns <aj@azure.humbug.org.au> writes:

> So, basically, what you're saying is that you uploaded a package to Debian
> that included some malicious and obfuscated code from upstream, that
> neither you nor your sponsor (Joerg Jaspert according to the signature
> on the .changes; who appears to be Ruediger's AM too) spotted. The code
> in question, for those playing along at home, is (with minor reformatting
> to fit into 80 cols):

Yes, I haven't looked at the source of micq. At least not long enough to find such things. That's too much if I would do that for every sponsorship. I look thoroughly at everything in debian/* and take a quick look at the rest, but nobody can request a code inspection for every line of it.

I then test the deb and look if everything is fine. If it's a new sponsoree for me I normally test the app again, but I haven't done so here (I don't use micq and I don't find it useful...). (Madkiss should have done that...)

Just for the record. :)

--
bye Joerg

<Christian> bignachos: the famous pornview maintainer?
<HoserHead> Christian: *don't* ask why he's typing so slowly
<bignachos> hey, at least i thoroughly test my packages