Bug#225692: (Bug 225692) The patch provided is just like the one I provided (!?)

To: Scott James Remnant <scott@netsplit.com>
Cc: 225692@bugs.debian.org
Subject: Bug#225692: (Bug 225692) The patch provided is just like the one I provided (!?)
From: Javier Fernández-Sanguino Peña <jfs@computer.org>
Date: Sat, 28 Feb 2004 16:08:37 +0100
Message-id: <[🔎] 20040228150837.GA13769@dat.etsit.upm.es>
Reply-to: Javier Fernández-Sanguino Peña <jfs@computer.org>, 225692@bugs.debian.org
In-reply-to: <[🔎] 1077922928.11308.41.camel@descent.netsplit.com>
References: <[🔎] 20040227221926.GA15695@dat.etsit.upm.es> <[🔎] 1077922928.11308.41.camel@descent.netsplit.com>

On Fri, Feb 27, 2004 at 11:02:08PM +0000, Scott James Remnant wrote:
> > Is there any reason why my comments (and the debug line I added) have been 
> > removed from the patch? 
> > 
> A ~60 line comment in the middle of a ~1,000 line function isn't really
> a great place to put that kind of thing.  What the code does is fairly
> obvious, and why it does it is documented in the ChangeLog entry for the
> patch.

Ok. But you didn't move my comments to the Changelog entry either.

> I dislike, in general, long-winded discussions of code in the middle of
> functions.  Various articles and papers are interesting to the security
> expert, but not to the maintainer of the code.

Of course, you are entitled to your own opinion. In any case, you dropped 
what I believe is a good source of information on _why_ was the change 
introduced.

> The *right* place for such discussions, and provision of relevant papers
> and articles is the bug tracking system.  The change to the code is then
> accompanied by a reference to the bug number (in debian/changelog) for
> the interested reader.

I disagree. Software developers do not necessarily need to go to the BTS, 
they use the documentation provided in the package or the source code 
itself. 

> So whilst the full history of a bug/change, who first noticed it,
> suggested it and/or found it, etc. etc. are all interesting -- the BTS
> is what keeps that information, not comments above every single block of
> code in the source.

It's important enough to give credit where credit is due, and you have 
neglected that. Giving credit (to Brian Hatch for example) encourages 
positive feedback. If you disliked the comment in the source code, you 
could have moved it to the Changelog entry, if you did not find that was 
the place either you could have updated dpkg's documentation that describes 
_how_ it is supposed to behave.

Even if it was a fix for a security issue, It's worth documenting it 
further, "stashing away" is not a good enough description. As far as I see 
from your NMU this was the only bug which was a significant change in 
dpkg's behaviour, I don't believe any other programs rely on this, but 
documenting more why it's being introduced would be of benefit both to 
casual observers of the Changelog and to other package manager's software 
developers.

Just my 2c.

Regards

Javier

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#225692: (Bug 225692) The patch provided is just like the one I provided (!?)
  - From: Javier Fernández-Sanguino Peña <jfs@computer.org>
- Bug#225692: (Bug 225692) The patch provided is just like the one I provided (!?)
  - From: Scott James Remnant <scott@netsplit.com>

Prev by Date: Re: *UNAPPROVED* dpkg nmu
Next by Date: Bug#213907: The package "cruft" needs help
Previous by thread: Bug#225692: (Bug 225692) The patch provided is just like the one I provided (!?)
Next by thread: Bug#55364: Hi 85088 archival
Index(es):
- Date
- Thread