[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Direction on foo2zjs and web fetching scripts

Dear release team,

Thank you for making a decision on the direction for bug #449497 in
foo2zjs [1].  I believe that this is a reasonable choice for now due
to the impending release.  However, I would really like to see an
honest and consructive conversation on the issue.  I believe that
there are some major security and functionality problems with fetching
scripts, and there should be clear direction from the members of the
debian project on the matter.  I would like to be able to completely
trust main, so it is my hope that developers would do everything in
their power to keep main as clean and safe as possible.  I am just a
user, so I feel powerless to do anything, and my experience dealing
with the foo2zjs maintainers was not exactly constructive [2],[3],[4]
(primarily because of apathy, over-reactiveness, and hyper sensitivity
on their part and perhaps a lack of appreciation for the bug severity
command and control authority [5] on my part).  Where do we go from
here to make sure the issue gets the appropriate level of thought and
consideration that it deserves (after lenny gets released of course)?

Best wishes,
Michael Gilbert

[1] http://lists.debian.org/debian-release/2008/11/msg00106.html
[2] http://bugs.debian.org/449497
[3] http://bugs.debian.org/503813
[4] http://bugs.debian.org/503814

Reply to: