Re: Security upgrade for potato by new major version and distro change?

[Matt Zimmerman <mdz@debian.org>]

On Tue, Jan 23, 2001 at 12:07:02PM +0100, Tollef Fog Heen wrote:

> * Matt Zimmerman 
> 
> | On Mon, Jan 22, 2001 at 09:38:15AM +0100, Christian Hammers wrote:
> | 
> | > On Mon, Jan 22, 2001 at 08:13:57AM +0100, Martin Schulze wrote:
> | > > You should always be able to backport a patch.  If not, I'm sorry, but that
> | > > this should be one quality of a Debian maintainer, you lack something...
> | > Martin? It it the quality of a Debian maintainer to find the right line(s) in
> | > a 100k C/C++ patch and moreover feeling sure enough about it to say that this
> | > fixes the security hole in one often used package?!?!?!  Programming did not
> | > fall under the requirements of a maintainer, last time I checked.
> | 
> | If a maintainer cannot program in the language in which her package is written,
> | how will she fix bugs, test patches, and generally understand how the packaged
> | software works on the inside?  Such a maintainer is not a very effective one.
> 
> So, for instance, the maintainer of postgresql must know perl, tcl, C,
> C++, python and java/jdbc very well? ( since it is written in C, and
> has interfaces for all the programming languages mentioned.)

Not necessarily.  The core of the code is written in C, and the maintainer
should be able to read and write C comfortably in order to effectively maintain
the package.  The interfaces for other languages are generally small bits of
glue that don't have very many bugs and don't change very often.

I maintain rrdtool, which has a Tcl interface, but I've never written in Tcl in
my life, except for a few expect scripts.  I've also never gotten a bug report
about the Tcl interface, had to apply a patch to it, or otherwise had to deal
with Tcl.  Note that the Tcl module, like the rest of rrdtool, is written in C.
I might be a better maintainer if I knew Tcl, but so far, I have had no reason
to do so.  In the event that a problem arises with the Tcl bits, I imagine I
could post a message here or elsewhere and ask for help.  If I needed to do
this every time a change was necessary in a C source file in one of my
packages, my progress would be very slow indeed.

> Of course, having an understanding of the programming languages is
> helpful, but IMHO not required in order to be a maintainer.

I would say that an understanding of the primary language of your package is
required in order to be a good maintainer.  Debugging is a big part of being a
maintainer, and effective debugging requires programming knowledge.  For
example, I would not adopt or package a Python or Tcl program, as I'm not
comfortable patching and debugging in those languages.

-- 
 - mdz