Re: xulrunner 1.9.2 into sid?

To: debian-devel@lists.debian.org
Subject: Re: xulrunner 1.9.2 into sid?
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Tue, 29 Jun 2010 17:07:27 -0400
Message-id: <[🔎] 20100629170727.3d70722d.michael.s.gilbert@gmail.com>
In-reply-to: <[🔎] 20100629202604.GA25342@upsilon.cc>
References: <[🔎] 20100629163519.GB5433@gnu.kitenet.net> <[🔎] 20100629202604.GA25342@upsilon.cc>

On Tue, 29 Jun 2010 22:26:04 +0200, Stefano Zacchiroli wrote:
> On Tue, Jun 29, 2010 at 12:35:19PM -0400, Joey Hess wrote:
> > This apparently well-meaning idea that we can improve Debian's
> > security etc by talking people out of doing jobs that they have
> > volunteered to do, and are doing, is a recent trend that I really
> > don't understand.
> 
> Amen.
> 
> 
> On Tue, Jun 29, 2010 at 01:34:46PM -0400, Michael Gilbert wrote:
> > I really hope I haven't come across this way.  It was certainly not
> > my intention.  Like I said in my first post to this discussion, I think
> > a debate on the merit of the status quo with respect to the mozilla
> > packages is greatly needed right now.  If the result of this debate is
> > maintaining the status quo, then that's just fine with me, but at least
> > all of the dirty laundry has been aired, and an informed decision made.
> 
> Well, I confess that it did come across that way also to me, and
> probably to many others. The impression was something like: “someone not
> working on iceweasel security in Debian is trying to convince someone
> else which is working on that, not only to stop, but also to throw out
> of the Debian main archive iceweasel all together”.
> 
> Try looking at it that way for a minute and you surely understand how
> surreal the debate looked like from the outside :-)

I can certainly see that perspective, and I can see now that I've chosen
my words poorly, which has lead to a major communication breakdown.

Hopefully restating clearly this time: my proposal is to no longer
distribute mozilla packages in the main stable repository; instead they
can be maintained in backports (or volatile) at the choosing of the
maintainers of those packages (or converted to webkit to remain in
stable main). I propose no changes to the mozilla packages in unstable
or experimental.

> > As for my non-involvement in mozilla security, that actually isn't
> > true.  I actually spent a great deal of effort to triage all of the
> > mozilla issues in the security tracker about a year ago, and submitted
> > bugs for the open ones. However, as a user, I have no access to
> > mozilla patches, so I could go no further.  I did what I could to
> > improve mozilla security, then I just simply lost interest because I
> > found webkit to be actually tractable.
> 
> To the risk of repeating myself, Debian is a do-ocracy: who does the
> work and does it well (as in this case!) gets the right to decide. If
> you stopped working on iceweasel security, you kind of gave up your
> rights of directly affecting the course of the package.

Understood; however, ill-conceived security disclosure policies impede
this process. I would fix the issues myself, but I am restricted from
doing so because of upstream mozilla disclosure policy.  That policy is
the primary reason that I am no longer interested in mozilla.  I don't
really see my interests changing without changes happening upstream
first.

Best wishes,
Mike

Reply to:

Follow-Ups:
- Re: xulrunner 1.9.2 into sid?
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

References:
- Re: xulrunner 1.9.2 into sid?
  - From: Joey Hess <joeyh@debian.org>
- Re: xulrunner 1.9.2 into sid?
  - From: Stefano Zacchiroli <zack@debian.org>

Prev by Date: Re: xulrunner 1.9.2 into sid?
Next by Date: Re: xulrunner 1.9.2 into sid?
Previous by thread: Re: xulrunner 1.9.2 into sid?
Next by thread: Re: xulrunner 1.9.2 into sid?
Index(es):
- Date
- Thread