Re: zoo: directory traversal security bug
On Fri, 15 Jul 2005 01:20:44 +0200, Bartosz Fenski aka fEnIo <firstname.lastname@example.org> said:
> On Fri, Jul 15, 2005 at 12:10:50AM +0100, Roger Leigh wrote:
>> If you can't understand what you are packaging, you shouldn't be
>> packaging it, IMHO.
> So maybe our documentation should state that?
Err, I thought that was common sense.
Being a developer is far more than being a glorified
packager. The DD is responsible for hacking the package to make it
fit current and future policy dictates (so one may need to change
configuration file locations, for example). It requires the DD to
triage bugs for upstream, and actively help in debugging the
software, and participating in the development, and improving it.
So, a DD is supposed to be a help for upstream, kinda like a
upstream developer with an intimate knowledge of Debian. Given that,
being a DD also requires -- or ought to require -- someone with a
modicum of technical judgement; and if someone needs every single bit
of information in a tome somewhere, so they can happily follow the
rules, perhaps this is not a good fit for them?
Perhaps we should not give people a false sense of what being
a DD entails?
Human resources are human first, and resources second. Garbers
Manoj Srivastava <email@example.com> <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C