Re: Security upgrade for potato by new major version and distro change?
On Tue, Jan 23, 2001 at 12:07:02PM +0100, Tollef Fog Heen wrote:
> * Matt Zimmerman
>
> | On Mon, Jan 22, 2001 at 09:38:15AM +0100, Christian Hammers wrote:
> |
> | > On Mon, Jan 22, 2001 at 08:13:57AM +0100, Martin Schulze wrote:
> | > > You should always be able to backport a patch. If not, I'm sorry, but that
> | > > this should be one quality of a Debian maintainer, you lack something...
> | > Martin? It it the quality of a Debian maintainer to find the right line(s) in
> | > a 100k C/C++ patch and moreover feeling sure enough about it to say that this
> | > fixes the security hole in one often used package?!?!?! Programming did not
> | > fall under the requirements of a maintainer, last time I checked.
> |
> | If a maintainer cannot program in the language in which her package is written,
> | how will she fix bugs, test patches, and generally understand how the packaged
> | software works on the inside? Such a maintainer is not a very effective one.
>
> So, for instance, the maintainer of postgresql must know perl, tcl, C,
> C++, python and java/jdbc very well? ( since it is written in C, and
> has interfaces for all the programming languages mentioned.)
Not necessarily. The core of the code is written in C, and the maintainer
should be able to read and write C comfortably in order to effectively maintain
the package. The interfaces for other languages are generally small bits of
glue that don't have very many bugs and don't change very often.
I maintain rrdtool, which has a Tcl interface, but I've never written in Tcl in
my life, except for a few expect scripts. I've also never gotten a bug report
about the Tcl interface, had to apply a patch to it, or otherwise had to deal
with Tcl. Note that the Tcl module, like the rest of rrdtool, is written in C.
I might be a better maintainer if I knew Tcl, but so far, I have had no reason
to do so. In the event that a problem arises with the Tcl bits, I imagine I
could post a message here or elsewhere and ask for help. If I needed to do
this every time a change was necessary in a C source file in one of my
packages, my progress would be very slow indeed.
> Of course, having an understanding of the programming languages is
> helpful, but IMHO not required in order to be a maintainer.
I would say that an understanding of the primary language of your package is
required in order to be a good maintainer. Debugging is a big part of being a
maintainer, and effective debugging requires programming knowledge. For
example, I would not adopt or package a Python or Tcl program, as I'm not
comfortable patching and debugging in those languages.
--
- mdz
Reply to: