
Re: setuid/setgid binaries contained in the Debian repository.



On Sun, 3 Aug 2003 18:53:34 -0400, Joey Hess <joeyh@debian.org> said: 

> Manoj Srivastava wrote:
>> I would be enthusiastically for a list like -legal, where people
>> can go and ask for help to have packages audited, but not for
>> people rolling up policy to beat people on the head to make it so.

> Perhaps your confusion stems from me using a non-normative "should"
> in the draft text of the proposal. Of course a policy "SHOULD"
> cannot mandate developer behavior outside a package, as I alluded to
> in my very first reply to you.

	Well, when someone proposes a patch to policy, with a properly
 created patch against current policy, then of course the normal
 assumption is that the person was using should as policy normally
 does. How can one tell otherwise?

> If that's all you're objecting to, you've chosen a really
> counterproductive way to do it,

	Really? I recall starting off with a question. I said this
 seems like a good practice kind of thing, and whether it should be
 dev reference material. Just the thing to get people pissed off, eh?

	I followed up with mentioning that it was not just nethack,
 other games were also affected, and that, unlike the implication in
 the original patch, there was more than discussion required, help
 would be needed to modify programs if setgid was not acceptable.

	So far, I am 6-7 mails into the discussion, and I have been
 quiet, polite  and asking for explanations.

	Then you brought up a bunch of examples about recommendations
 in policy, and I pointed out that those cases were different, since
 program code and behaviour, or program design, were often not
 involved. Then mdz said something about this is all just packaging,
 and I protested. 

	So far, I fail to see what exactly has been said (until the
 disingenuous remark) that is so very counterproductive.

	Perhaps I was not so off the mark when I talked about chips on
 the shoulder?

	I note that later discussion tried to paint this whole process
 as getting people involved in auditing code, and not a mandatory
 requirement (ie, if you do not get a consensus then your package is
 buggy) that was in the original proposal.

	I have a full log of this email conversation, as indeed do the
 list archives, so just go back and look the whole thread up.

>         since you've merely managed to piss
> off me and several other people who are actually interested in doing
> some work.

	If I pissed you folks off, then rest assured that the contrary
 was also true, but I am not going to whine about people on this
 mailing list annoying me or hurting my poor, beleaguered ego.  The
 conversation degenerated due to little jabs and pin pricks from all
 around; which unfortunately seems to be the cost of doing business in
 this mailing list -- unless, of course, you muzzle your own opinions
 and follow the herd.

	So either get a thicker skin, or do not expect petulant mails
 to me to not get the treatment they deserve. I always start off
 politely, and would never get confrontational unless in reaction (hi
 aj). 

	As for doing work in reviewing packages, I would not be
 disinclined to do so -- though that was a neat jab, couching this
 disagreement in terms of crusty old loafer pissing off the hard
 working folks.


> Bear in mind that policy appropriates perfectly common and valid
> English for its own uses, and this is very easy to stumble over when
> writing proposals. I for one, have a history of stumbling over it
> multiple times in the past, and I expect to continue to do so until
> policy is fixed to use uppercased normative words or something like
> that.

	Well, if this proposal was in plain text, not a properly
 formed patch against current policy, and thus meant to be interpreted
 in the context of the policy document, perhaps that would have been
 clearer.

	manoj
-- 
One good reason why computers can do more work than people is that
they never have to stop and answer the phone.
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024R/C7261095 print CB D9 F4 12 68 07 E4 05  CC 2D 27 12 1D F5 E8 6E
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C


