Re: setuid/setgid binaries contained in the Debian repository.
On Sun, 3 Aug 2003 18:53:34 -0400, Joey Hess <joeyh@debian.org> said:
> Manoj Srivastava wrote:
>> I would be enthusiastically for a list like -legal, where people
>> can go and ask for help to have packages audited, but not for
>> people rolling up policy to beat people on the head to make it so.
> Perhaps your confusion stems from me using a non-normative "should"
> in the draft text of the proposal. Of course a policy "SHOULD"
> cannot mandate developer behavior outside a package, as I alluded to
> in my very first reply to you.
Well, when someone proposes a patch to policy, with a properly
created patch against current policy, then of course the normal
assumption is that the person was using should as policy normally
does. How can one tell otherwise?
> If that's all you're objecting to, you've chosen a really
> counterproductive way to do it,
Really? I recall starting off with a question. I said this
seems like a good practice kind of thing, and whether it should be
dev reference material. Just the thing to get people pissed off, eh?
I followed up with mentioning that it was not just nethack,
other games were also affected, and that, unlike the implication in
the original patch, there was more than discussion required, help
would be needed to modify programs if setgid was not acceptable.
So far, I am 6-7 mails into the discussion, and I have been
quiet, polite and asking for explanations.
Then you brought up a bunch of examples about recommendations
in policy, and I pointed out that those cases were different, since
program code and behaviour, or program design, were often not
involved. Then mdz said something about this is all just packaging,
and I protested.
So far, I fail to see what exactly has been said (until the
disingenuous remark) that is so very counterproductive.
Perhaps I was not so off the mark when I talked about chips on
the shoulder?
I note that later discussion tried to paint this whole process
as getting people involved in auditing code, and not a mandatory
requirement (ie, if you do not get a consensus then your package is
buggy) that was in the original proposal.
I have a full log of this email conversation, as indeed do the
list archives, so just go back and lok the whole thread up.
> since you've merely managed to piss
> off me and several other people who are actually interested in doing
> some work.
If I pissed you folks off, then rest assured that the contrary
was also true, but I am not going to whine about people on this
mailing list annoying me or hurting my poor, beleaguered ego. The
conversation degenerated due to little jabs and pin pricks from all
around; which unfortunately seems to be the cost of doing business in
this mailing list -- unless, of course, you muzzle your own opinions
and follow the herd.
So either get a thicker skin, or do not expect petulant mails
to me to not get the treatment they deserve. I always start of
politely, and would never get confrontational unless in reaction (hi
aj).
As for doing work in reviewing packages, I would not be
disinclined to do so -- though that was a neat jab, couching this
disagreement in terms of crusty old loafer pissing off the hard
working folks.
> Bear in mind that policy appropriates perfectly common and valid
> English for its own uses, and this is very easy to stumble over when
> writing proposals. I for one, have a history of stumbling over it
> multiple times in the past, and I expect to continue to do so until
> policy is fixed to use uppercased normative words or something like
> that.
Well, If this proposal was in plain text, not a properly
formed patch against current policy, and thus meant to be interpreted
in the context of the policy document, perhaps that would have been
clearer.
manoj
--
One good reason why computers can do more work than people is that
they never have to stop and answer the phone.
Manoj Srivastava <srivasta@debian.org> <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05 CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: