Re: mICQ roundup

To: debian-devel@lists.debian.org
Subject: Re: mICQ roundup
From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
Date: Mon, 17 Feb 2003 09:55:36 +0100
Message-id: <[🔎] 20030217085536.GA16183@evbergen.xs4all.nl>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030216221033.GF3635@zewt.org>
References: <[🔎] 20030215213602.GA5966@o112.hadiko.de> <[🔎] 200302161545.06929.russell@coker.com.au> <[🔎] 20030216154619.GA4273@krikkit.ukeer.de> <[🔎] 200302161848.32551.russell@coker.com.au> <[🔎] 20030216191334.GE3635@zewt.org> <[🔎] 20030216213834.GA11583@evbergen.xs4all.nl> <[🔎] 20030216221033.GF3635@zewt.org>

Hi,

On Sun, Feb 16, 2003 at 05:10:33PM -0500, Glenn Maynard wrote:

> On Sun, Feb 16, 2003 at 10:38:34PM +0100, Emile van Bergen wrote:
> > 1. the action as taken by Rüdiger;
> > 2. expressing remorse for 1 or lack thereof; and
> > 3. implementing harmful code (i.e. involving harm outside the
> > not-functioning of the package itself; also note that in this case a
> > solution was presented immediately by the message).
> 
> > True, but that doesn't change the fact that 1, 2, and 3 above have
> > /very/ little to do with each other, and that 1 and 2 have no predictive
> > value for the likeliness of 3, especially because I consider that in a
> > completely different league.
> 
> I think this is where the groups disagree.  I believe #1 leads to #3,
> particularly in people failing #2.

Again, I think that someone who stole a candy has hardly any increased
likelyhood of armed bankrobbery. And that is how far apart I see a
message and a non-functional package with a given solution, from any
code that calls unlink(2) in some unexpected way.

> This is probably one of those fundamental opinions based on varying
> personal experience, that's not likely to change very much, so it's
> probably not worthwhile to debate it.

Indeed, let's drop this; however, even if we'd be certain that the 
/likelyhood/ increases, we cannot base any punishment on that, unless
you fully subscribe to the idea of pre-emptive action.

Needless to say, I don't. You cannot convict someone of acts he hasn't
committed, and that's rule #1 of civilised jurisdiction, IMHO.

> Do we agree, at least, that #1 combined with #2 indicates that it's very
> likely that he would be willing to repeat #1 in some form?  Whether or
> not it leads to #3, I don't think people who are willing to put obfuscated
> time-bombs in their code should have their code in Debian.

Fully agree there. I'd say the exclusion from Debian should have a time
limit though.

Cheers,

Emile.

-- 
E-Advies / Emile van Bergen   |   emile@e-advies.info
tel. +31 (0)70 3906153        |   http://www.e-advies.info

Attachment: pgp39KQgKEn6o.pgp
Description: PGP signature

Reply to:

References:
- mICQ roundup
  - From: Rüdiger Kuhlmann <debian-list-Z03BQH65YjkN@ruediger-kuhlmann.de>
- Re: mICQ roundup
  - From: Russell Coker <russell@coker.com.au>
- Re: mICQ roundup
  - From: Rico -mc- Gloeckner <mc@ukeer.de>
- Re: mICQ roundup
  - From: Russell Coker <russell@coker.com.au>
- Re: mICQ roundup
  - From: Glenn Maynard <g_deb@zewt.org>
- Re: mICQ roundup
  - From: Emile van Bergen <emile-deb@evbergen.xs4all.nl>
- Re: mICQ roundup
  - From: Glenn Maynard <g_deb@zewt.org>

Prev by Date: Re: /usr/bin/which
Next by Date: Re: initrd-tools
Previous by thread: Re: mICQ roundup
Next by thread: Re: mICQ roundup
Index(es):
- Date
- Thread