[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ax25-node

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, Mar 24, 2015 at 09:56:21PM +0000, Iain R. Learmonth wrote:
> Date: Tue, 24 Mar 2015 21:56:21 +0000
> From: "Iain R. Learmonth" <irl@fsfe.org>
> Subject: Re: ax25-node
> To: debian-hams@lists.debian.org
> Mail-Followup-To: debian-hams@lists.debian.org
> 
> Hi Patrick,
> 
> On Tue, Mar 24, 2015 at 04:21:46PM -0400, Patrick Ouellette wrote:
> > As I mentioned in a message to the list, your "pretty bad shape" assessment is
> > not shared by everyone.  One actual (non-critical) bug and a number of lintian 
> > warnings are not what I call "pretty bad shape."  Your definition may be 
> > different.
> 
> "in some cases DDOS the remote site if a user "ctrl-]+q" out of a telnet
> session" - this sounds quite serious to me. If this bug is not as serious as
> I think it sounds, could you please comment on the bug to let others know?
> My "seriousness rating" was based on the assessment from Brian N1URO and I'm
> guessing others reading the bug report would come to the same conclusion.
> 

The original bug that was finally filed by Brian (N1URO) is listed as 
severity "Important"- Brian admits to having discovered the bug way back
in 2005.  It took him 2 years to send a report/patch to the upstream and
10 years to send a report to Debian.

If the bug was severe problem, I hope it would have been well communicated 
once discovered.

(Additionally, the bug report "suggests replacing ax25-node with URONode for 
security reasons as other distros have done" - this is kind of misleading
as URONode was not licensed with a license other distros could 
use until recently; within the last year as near as I can tell from the
web archives. It was impossible for URONode to be distributed by Debian
until the license change.)

...
> 
> > Yes, the plan that was discussed and decided without actually asking any of the
> > maintainers directly as far as I can tell.  Yes, sending messages to the
> > debian-hams list is a good start but not everyone reads list mail every day.
> 
> You should have been copied on the bug reports. I would prefer these issues
> to be discussed on the list or via the BTS and not in private. (Debian
> Social Contact Part 3).
> 

You don't seem to know how the BTS works for sending developer bug reports.
Developers get pretty much all the new bug reports for all the packages (or at 
least it seems that way).

Copying a developer directly when sending messages about their package to a 
list is not "hiding anything" or obscuring the conversation.  It is a courtesy.
I did not hide anything, I posted my opinions to the list even before responding
to you *and* the list.  

> > There is no need to have ax25-node removed from the archive just so UROnode
> > can be added.  When I find some time, yes I plan on working on the ham radio
> > software in Debian.
> 
> Awesome. I look forward to a new package arriving for stretch. (:
> 
> Some of the lintian errors/warnings refer to files living in /var/ax25.
> There was discussion about this within the Filesystem Hierachy Standard
> group, and we are looking to see if this is going to be included in version
> 3.0 of the standard or whether UROnode will need to be patched to use
> /var/lib/ax25. This will also be useful to the ax25-node package, so when
> there is some consensus within FHS as to what we should be doing, I can let
> you know.

I filed a request with the FHS group a long time ago for this consideration.
Nice to hear it is not lost in the ether.  All I ever got on the FHS front
was a very delayed ack the request was received.

73,

Pat NE4PO
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBCAAGBQJVEeM7AAoJEBmyZ4AhAzKfQbAQAK6dYt9cFKdJVNEAZyJ72q+h
JcbvGEjleVYYcdfVZLDSiFJ+Z/MhNFGbYgCdNPT0+KJb3boB9x6C/6SGEowYkVBv
d1qyTbSpjJd7wutK7eebDmGZTlQwlG3e2e3ZOxMwh+Hx47LPOFOu7h3FSdDAEtDK
iTltcBN1CV67/34GkVmriLQKsRjQBgr/WWX+voB7I/gl18lviYg/EAPpSSqCTBer
eX/ufILdqVDFQYF3cuIAr11D0TrHTisJG6p8H8+wBYOZuzwrnxW94swQfiprPxL5
Z/sL8QrlRHe1q4BudUczjL4DMCzUWFDREkTXIfyQJUeIJzPI6ZRo1kA6CIQNaoog
VwyoZU+/YVSCx210HbBwDmyhLq4ypzIswFCHlGYetRrK0btWSD+TjwxIBjivfXUh
b8XjQ02knYE+p5rEfbYRa3FPEAeS5wzshNtYs0Ua1vm7Fd4Covcd9ZbaHeaq+Koi
KA2Laxvq5ncZ6vWmEzXmqIo3zW2FLKx8M/YWMj8lithxSnrhSqxO+R2y3G8FzPdL
qYNFcH/o1vh8k7gJm1e4LGPbYj3S14dkOVZbim1+I7ouG8koqH//dKowZH+E/7zK
W0paz8XYTlrGn3PRjfdbXAE1D+WBpZe4Y1FLWXNSSsaZi+oGYZgaYfHxHEH+Mywu
sUKGe+vVW2zZs+qups9r
=XyoX
-----END PGP SIGNATURE-----
Reply to: