[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

ppp bug and maintainer's negative attitude

Hash: SHA1


Recently I stumbled upon a bug in ppp whereas the daemon would start
forking like hell if the line was forcibly disconnected. This is due to
a race condition and has already been fixed in unstable, according to
the changelogs.

Acting on advice from a couple of DD friends, I reported it to
security@debian.org, asking whether it could be considered a d-o-s (a
few disconnnections at most and the bug is triggered, bringing the
system down), with the current maintainer (Marco d'Itri) in CC, and providing reference to two other bug reports detailing the same issue. He has to be praised for not wasting bandwidth, since his reply was a simple "no", without any further explanation or comment.

Even though I did not want to clutter the BTS with duplicate reports, I
was again advised to file a new report (238840) restating the facts and
asking for a backport to be made. This time the answer was slightly more
verbose and I quote it here (without permission, but the BTS is public):

- -cut-
This happened to only one user. I consider this problem minor and have
no plan to backport ppp.
- -cut-

I _do_ consider this head-in-the-sand attitude to be extremely negative in a maintainer because:

1) the bug is real and quite disruptive

2) it is an outright _lie_ that I am the only one who suffered from this
problem, as can plainly be seen from reading the two bugs (172317 and 175480) that I referenced both in the message to security and in the bug
report. Further analysis of ppp archived bugs shows other have had
similar problems, I simply chose the two most relevant ones as proofs.

3) the bug report has been closed with no action as if nothing had happened and with the declared intention of not fixing it ever. It would have been much better to acknowledge it as being worked on and then leaving it open pending the backport of the patch.

Again acting on advice from my DD friends, I am posting here asking for
help: what else can it be done to solve this issue? Rebuilding the ppp
package from unstable on stable isn't feasible because of complex
dependecies and, again, the whole point of using stable is not having to
care about such things (to a certain extent, granted).

Best regards and thanks in advance,

- -- Homepage: http://andrea.borgia.bo.it / Amateur radio: IZ4FHT
Key fingerprint: 4037 9711 85C6 F9F9 A505  FA0A BB62 3A3C F7BA 9B13

Version: GnuPG v1.2.2 (GNU/Linux)


Reply to: