On Fri, Feb 27, 2004 at 11:02:08PM +0000, Scott James Remnant wrote: > > Is there any reason why my comments (and the debug line I added) have been > > removed from the patch? > > > A ~60 line comment in the middle of a ~1,000 line function isn't really > a great place to put that kind of thing. What the code does is fairly > obvious, and why it does it is documented in the ChangeLog entry for the > patch. Ok. But you didn't move my comments to the Changelog entry either. > I dislike, in general, long-winded discussions of code in the middle of > functions. Various articles and papers are interesting to the security > expert, but not to the maintainer of the code. Of course, you are entitled to your own opinion. In any case, you dropped what I believe is a good source of information on _why_ was the change introduced. > The *right* place for such discussions, and provision of relevant papers > and articles is the bug tracking system. The change to the code is then > accompanied by a reference to the bug number (in debian/changelog) for > the interested reader. I disagree. Software developers do not necessarily need to go to the BTS, they use the documentation provided in the package or the source code itself. > So whilst the full history of a bug/change, who first noticed it, > suggested it and/or found it, etc. etc. are all interesting -- the BTS > is what keeps that information, not comments above every single block of > code in the source. It's important enough to give credit where credit is due, and you have neglected that. Giving credit (to Brian Hatch for example) encourages positive feedback. If you disliked the comment in the source code, you could have moved it to the Changelog entry, if you did not find that was the place either you could have updated dpkg's documentation that describes _how_ it is supposed to behave. Even if it was a fix for a security issue, It's worth documenting it further, "stashing away" is not a good enough description. As far as I see from your NMU this was the only bug which was a significant change in dpkg's behaviour, I don't believe any other programs rely on this, but documenting more why it's being introduced would be of benefit both to casual observers of the Changelog and to other package manager's software developers. Just my 2c. Regards Javier
Attachment:
signature.asc
Description: Digital signature