[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#207300: tmda: Challenge-response is fundamentally broken



Stephen Gran dijo [Wed, Aug 27, 2003 at 03:02:33PM -0400]:
> The project certainly can and should prohibit maintainers from uploading
> things that will cause problems for the project (crypto, copyright
> infringement, etc.), but that is a different case than this.
> Distributing TMDA doesn't infringe copyrights, and is not illegal, at
> least AFAIK.  The fact that it is distasteful to me personally (and
> clearly, many others) is a sad thing, but not RC quality.  Remember
> that we explicitly state in the Social Contract that we allow groups like
> the KKK to use our software for distasteful ends.

I completely agree - If a user is going to shoot himself in the foot, he
can do it with TMDA or with any other package.

> I think that either a large warning on bugs.d.o about the use of C-R
> systems in corrspondence, or a similar warning in the description of
> TMDA would suffice.  I am not familiar with TMDA, so I may be wrong, but
> couldn't it be shipped with a default of not issuing a C-R, and have a
> note in README.Debian about how to do enable it, with the caveat that
> using C-R for BTS correspondence will likely result in ignored bug
> reports and problems for the project?

Description, with the possible addition of a note in README.Debian would
be better - it is targetted at the user. Bugs are targetted to the
maintainer, and most users will not be aware of them.

-- 
Gunnar Wolf - gwolf@gwolf.cx - (+52-55)5630-9700 ext. 1366
PGP key 1024D/8BB527AF 2001-10-23
Fingerprint: 0C79 D2D1 2C4E 9CE4 5973  F800 D80E F35A 8BB5 27AF

Attachment: pgpovkfCRCz0C.pgp
Description: PGP signature


Reply to: