Re: zoo: directory traversal security bug

To: Roger Leigh <rleigh@whinlatter.ukfsn.org>
Cc: debian-mentors@lists.debian.org
Subject: Re: zoo: directory traversal security bug
From: Manoj Srivastava <srivasta@debian.org (va, manoj)>
Date: Fri, 15 Jul 2005 11:03:06 -0500
Message-id: <[🔎] 87mzoodpl1.fsf@glaurung.internal.golden-gryphon.com>
Mail-followup-to: Roger Leigh <rleigh@whinlatter.ukfsn.org>, debian-mentors@lists.debian.org
In-reply-to: <[🔎] 20050714232044.GA19565@komputerek.fenia.pl> (Bartosz Fenski aka fEnIo's message of "Fri, 15 Jul 2005 01:20:44 +0200")
References: <[🔎] 42D56A2C.6070107@varig.com> <[🔎] 42D582C3.3070405@beamnet.de> <[🔎] xkvh1x62yqhm.fsf@grajagop-lnx.cisco.com> <[🔎] 42D621CA.4090702@beamnet.de> <[🔎] 42D66B05.20703@varig.com> <[🔎] 87d5plt24l.fsf@hardknott.home.whinlatter.ukfsn.org> <[🔎] 20050714232044.GA19565@komputerek.fenia.pl>

On Fri, 15 Jul 2005 01:20:44 +0200, Bartosz Fenski aka fEnIo <fenio@debian.org> said: 

> On Fri, Jul 15, 2005 at 12:10:50AM +0100, Roger Leigh wrote:
>> If you can't understand what you are packaging, you shouldn't be
>> packaging it, IMHO.

> So maybe our documentation should state that?

        Err, I thought that was common sense.  

        Being a developer is far more than being a glorified
 packager. The DD is responsible for hacking the package to make it
 fit current and future policy dictates (so one may need to change
 configuration file locations, for example). It requires the DD to
 triage bugs for upstream, and actively help in debugging the
 software, and participating in the development, and improving it.

        So, a DD is supposed to be a help for upstream, kinda like a
 upstream developer with an intimate knowledge of Debian. Given that,
 being a DD also requires -- or ought to require -- someone with a
 modicum of technical judgement; and if someone needs every single bit
 of information in a tome somewhere, so they can happily follow the
 rules, perhaps this is not a good fit for them?

        Perhaps we should not give people a false sense of what being
 a DD entails? 

        manoj
-- 
Human resources are human first, and resources second. Garbers
Manoj Srivastava   <srivasta@debian.org>  <http://www.debian.org/%7Esrivasta/>
1024D/BF24424C print 4966 F272 D093 B493 410B  924B 21BA DABB BF24 424C

Reply to:

Follow-Ups:
- Package maintainers do more than package
  - From: Ben Finney <ben@benfinney.id.au>

References:
- zoo: directory traversal security bug
  - From: Jose Carlos do Nascimento <josecarlos.nascimento@varig.com>
- Re: zoo: directory traversal security bug
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: zoo: directory traversal security bug
  - From: Ganesan Rajagopal <rganesan@myrealbox.com>
- Re: zoo: directory traversal security bug
  - From: Thomas Viehmann <tv@beamnet.de>
- Re: zoo: directory traversal security bug
  - From: Jose Carlos do Nascimento <josecarlos.nascimento@varig.com>
- Re: zoo: directory traversal security bug
  - From: Roger Leigh <rleigh@whinlatter.ukfsn.org>
- Re: zoo: directory traversal security bug
  - From: Bartosz Fenski aka fEnIo <fenio@debian.org>

Prev by Date: Re: zoo: directory traversal security bug
Next by Date: Re: zoo: directory traversal security bug
Previous by thread: Re: zoo: directory traversal security bug
Next by thread: Package maintainers do more than package
Index(es):
- Date
- Thread