Doom of Debian Re: Debian Weekly News - February 18th, 2003
Martin Schulze wrote:
Removing mICQ from Debian? Martin Loschwitz proposed to remove
mICQ from Debian entirely since the upstream author has placed a
harmful and obfuscated easter egg in the code, bypassing the
maintainer's testing. Anthony Towns asked all maintainers to
review upstream changes before packaging code, Branden Robinson
already reads every line of diff that gets applied to his XFree86
packages. Rüdiger Kuhlmann later reported that the problems were
resolved and that the easter egg was replaced. Martin Loschwitz also
sent an update.
If it isn't possible to trust free software, then it isn't valuable to bring on
a project like Debian either. :(
While Anthony's proposal of "Reviewing all upstream changes" makes sense on a
security standpoint, it will put the necessary strain to Debian to self-destruct
the distribution. There already are problems to port 6000+ packages on (how
many? 7? 11?) different architectures, this harmful easter egg could be the drop
that tops off the distribution. I have already begun to see growing disaffection
to GNU/Linux by former enthusiast people, and this can simply spell the final
doom on the credibility of open-source.
This, of course, is my humble opinion, and I may (hopefully) be wrong.
"The question of whether computers can think is like the"
"question of whether submarines can swim." -- Edsgar Dijkstra