[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian bugs belong to the Debian BTS

On Thursday 23 October 2003 18:08, Hendrik Sattler wrote:
> If an app crashes, the app is broken. End of discussion :)
> If the app uses a lib that crashes itself, it is also the apps developer
> rsponsibility to solve the problem with the libs' developer and not tell
> the user to do so.

That's not correct. Debian sid uses gcc-3.3 as default, which in some versions 
used in Debian was known to produce bad code leading to hangs and others. 
Plus, a lot of time has been spent on gcc errors during KDE packaging.
It may be a correct classicication to say that a crashing app is broken, but 
that's not the end of the discussion.
If bugs in released packages occur only with certain compiler versions or 
(more likely) wirth certain versions of libraries, it's useful to think about 
repackaging. This does not solve the bug in the upstream code, but it 
certainly can solve a bug in a debian package. Thus, an application failure 
is not the end of the discussion about _packaging_.

But... The KDE crypto packages' history is really not the gleamy side of 
Debian. An easy tool like pinentry and so much Terror about it. I bet, more 
than a hundred times of mailing list/newsgroup lines more than the program 
has code lines have been written about this :(

> Then why releasing the program at all. Either I am interested in it to
> proper work elsewhere, too, or I shouldn't release it.

True for woody and sarge, mostly true for sid. But being the unstable 
distribution of Debian, sid sometimes will carry packages with partially 
broken functionality, mostly in cases of dependency conflicts. One look at 
the history of KDE releases proves this, but this is definitely not a 
KDE-only problem.
"Release Early, Release Often" [1]. That's why. But nothing of that belongs 
into woody/sarge - sid is only for the brave ;)

But really, all the Terror about KDE crypto smells like the good old FUD of 
american crypto laws. I think too many people still don't trust the US 
government in the area of cryptology enough to even touch crypto packages 
[4]. At least a lot of outdated information from the time when RSA was 
restricted under ITAR (International Traffic in Arms Regulations) [3] and 
parts of the community reacted with public disobedience [2] and some went to 
court because of RSA printed on disc cases or similar.
Most of that is history since 1999, but the USA still have not regained the 

[1] http://www.catb.org/~esr/writings/cathedral-bazaar/cathedral-bazaar/
[2] http://www.physics.adelaide.edu.au/~swright/Old/crypto/rsa/#legal
[3] http://www.cypherspace.org/~adam/rsa/itar.html
[4] http://www.cypherspace.org/~adam/rsa/legal.html
Thomas Ritter

"Those who would give up essential liberty, to purchase a little temporary 
safety, deserve neither liberty nor safety."  - Benjamin Franklin

Reply to: