
Re: Bug#207300: tmda: Challenge-response is fundamentally broken



Adam McKenna wrote:
> The arguments are facile and specious, I do not intend to waste my precious
> time responding to them.

Speaking of precious time, let me bore you with another facile and
specious argument..

Like many of us here, I occasionally receive bug reports from our users,
and reply for more information, and get back some kind of challenge[1],
or possibly a warning that my mail is being rejected because I am in a
DUL (such as the osirusoft one). Since I consider my time just as
precious as Adam's, I typically ignore all such challenges. I will leave
the bug open for a while in case another user, who is willing to hold up
his end of the implied BTS social contract and also sees the bug, is able
to respond to it. Eventually though I will have no choice but to close
it.

This is ok when the percentage of such bugs is low -- in the 1% area.
If the percentage of such bugs becomes higher, say 10%, I believe that
Debian will start to suffer from it. If we're unable to contact the
submitters of 10% of our bugs, then a lot of bugs will go unfixed, and
quality will drop. I'm already finding it much harder to get a response
from users on bug reports than I did years ago.

I don't think that TMDA is yet enough of a problem for this to be a big
deal, but I think it has the potential to become one. Debian as a whole
is empowered to override the wishes of one maintainer, if it turns out
that the software he is packaging is detrimental to the distribution as
a whole. We do not let maintainers package software in us/main that puts
us at risk of copyright infringement, or certain patent infringements,
or in the past, crypto that cannot be exported. If we find that TMDA has
the potential to cause significant problems for the project, we can
certainly decide that we will not promote it or distribute it, and we
can warn our users not to use it in communication with the project.

-- 
see shy jo

[1] Which is fairly amusing, since I both gpg sign all my mail with a
    and use TLS for sending it. There's no shortage of identification
    here.
