[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2

Am 20.06.2015 um 19:51 schrieb John Paul Adrian Glaubitz:
ld the release back because of such ancient
>>> software?
>> OK, so lets drop iceweasel? This is definitly offtopic here
> No, we dropped sparc as a release architecture as a result
> in case you missed that.

Because of roaraudio? Oh no? Ok this is a realy related issue here... X
affected Y and Z was the result, so roaraudio is affected. Please
discuss this with the iceweasel team if you have got enough free time.

>>> They introduced automatic removal of packages affected by RC bugs
>>> for this very reason and the fact that DECnet is no longer 
>>> maintained means that ROAR is permanently at risk being affected 
>>> by RC bugs unless you think you can fix vulnerabilities or other
>>> serious bug in an ancient networking stack.
>> Lets drop package XYZ: it may have got issues we didn't discovered,
>> yet..
> No, let's drop package XYZ which _no_one_ maintains both upstream
> and downstream. It's absolutely a common practice in Debian
> and happens all the time.
> Here are some examples:
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=206866 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288112 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=179392 
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=182434

You are just quoting mostly invalid closed reports which are as old as I
am :D And it is not my package, just FYI

> I'm sorry Patrick, but I am starting to have doubts that you
> know how to do a proper job as a maintainer. You apparently
> don't read bug reports (as shown above), you don't know the
> details about your *own* packages (you claimed that libdnet
> is not a dependency which is simply untrue) and you apparently
> have never heard that Debian does, in fact, remove packages
> that are either buggy or no longer in active upstream
> development.

You are open to post to d-d@l.d.o something like "pmatthaei is not able
to do Debian work". I will make your life a bit easier and CC'ing d-d now..
It makes no sense but it seems like this is the best way to follow an
issue to it's own .... .

> We may really need to forward this to the technical committee
> and ask them to make a decision over the removal of the
> DECnet dependencies in ROAR as you are apparently completely
> out of touch with reality.

Please, do it. But *again*: IMMEADITLY STOP(!) adding/quoting/responding
me for stuff where I never were responsible for! And also for things
like who is my "buddy" or not, especially if they do not know the person
at all..

I am just doing my Debian Developer work, also for the roaraudio
packages, but it looks again like you and Ron just want to fool.. .. ..

Mit freundlichem Gruß / With kind regards,
 Patrick Matthäi
 GNU/Linux Debian Developer

  Blog: http://www.linux-dev.org/
E-Mail: pmatthaei@debian.org

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: