Re: zoo: directory traversal security bug

[Jose Carlos do Nascimento <josecarlos.nascimento@varig.com>]

Like Alex, I think if one program has problem, we need to  solve this 
problem against upstream author.  Because he know his program and know 
how to solve bugs, etc.

I too think like Bartosz Fenski, but with one difference.

"if you're going to package something written in Python it is REQUIRED 
to KNOW python,  etc....


Well, I wil try to find author of Zoo (Rahul Dhesi) and solve this 
problem,, and if I cant find him,,  I will put zoo to adoption.

Thanks, all

Jose Carlos


> * Bartosz Fenski aka fEnIo <fenio@debian.org> [2005-07-15 01:20:44 +0200]:
>
>  
>
> > On Fri, Jul 15, 2005 at 12:10:50AM +0100, Roger Leigh wrote:
> >    
> >
> > > If you can't understand what you are packaging, you shouldn't be
> > > packaging it, IMHO.
> > >      
> > So maybe our documentation should state that?
> >
> > I mean something like "if your're going to package something written in
> > Python it is highly recommended to KNOW python, and if you're going to
> > package something written in C it is highly recommended to know C" ?
> >
> > regards
> > fEnIo
> >    
>
> Having a good relationship with upstream helps immensely especially if the
> maintainer doesn't know C or C++ or whatever the software is written in. Maybe
> that should be in the policy, too ;)
>
> We really should not take it to the absurd extremes.
>
> Regards,
>
> Alex
>