Direction on foo2zjs and web fetching scripts
Dear release team,
Thank you for making a decision on the direction for bug #449497 in
foo2zjs [1]. I believe that this is a reasonable choice for now due
to the impending release. However, I would really like to see an
honest and consructive conversation on the issue. I believe that
there are some major security and functionality problems with fetching
scripts, and there should be clear direction from the members of the
debian project on the matter. I would like to be able to completely
trust main, so it is my hope that developers would do everything in
their power to keep main as clean and safe as possible. I am just a
user, so I feel powerless to do anything, and my experience dealing
with this issue through the foo2zjs maintainers was not exactly
constructive [2],[3],[4] (primarily because of over-reactiveness and
hyper sensitivity on their part and perhaps a lack of appreciation for
debian's bug command and control authority [5] on my part -- and of
course some good old misunderstanding and misinterpretation). Where
do I go from here to make sure the issue gets the appropriate level of
thought and consideration that it deserves (after lenny gets released
of course)?
Best wishes,
Michael Gilbert
[1] http://lists.debian.org/debian-release/2008/11/msg00106.html
[2] http://bugs.debian.org/449497
[3] http://bugs.debian.org/503813
[4] http://bugs.debian.org/503814
[5] http://lists.debian.org/debian-ctte/2008/10/msg00006.html
P.S. Please CC me on any responses since I am not subscribed to these lists.
Reply to: