Re: zoo: directory traversal security bug

On Fri, 15 Jul 2005 01:20:44 +0200, Bartosz Fenski aka fEnIo <fenio@debian.org> said: 

> On Fri, Jul 15, 2005 at 12:10:50AM +0100, Roger Leigh wrote:
>> If you can't understand what you are packaging, you shouldn't be
>> packaging it, IMHO.

> So maybe our documentation should state that?

        Err, I thought that was common sense.  

        Being a developer is far more than being a glorified
 packager. The DD is responsible for hacking the package to make it
 fit current and future policy dictates (so one may need to change
 configuration file locations, for example). It requires the DD to
 triage bugs for upstream, and actively help in debugging the
 software, and participating in the development, and improving it.

        So, a DD is supposed to be a help for upstream, kinda like an
 upstream developer with an intimate knowledge of Debian. Given that,
 being a DD also requires -- or ought to require -- someone with a
 modicum of technical judgement; and if someone needs every single bit
 of information in a tome somewhere, so they can happily follow the
 rules, perhaps this is not a good fit for them?

        Perhaps we should not give people a false sense of what being
 a DD entails? 

Human resources are human first, and resources second. Garbers
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

