
Re: RFS: daloradius (updated package)

On Wed, 2007-12-26 at 17:47 +0200, liran tal wrote:
> I appreciate your feedback though for the lack of better words I can 
> summarize your reply as being a nicer way for saying "RTFM".

No, more a case of "if you are unsure how the guidelines apply to this
package, reconsider whether you are the best person to package it at
this stage and find something which will enable you to learn how things
work for simpler packages".

i.e. the problem lies within the package itself because it is an
intrinsically difficult package to build properly and you would be best
advised finding something else when you are only just starting out as
maintainer. PHP is a nightmare for security problems and packaging
problems. What I say to you is what I would say to anyone reading the NM
guide for the first time - *don't start with PHP*! (Don't start with a
compiled library either, they are complex in entirely different ways.)
The NM guide does mention that libraries are not a wise choice for your
first package but as it happened, I didn't get the chance of my own
advice because when I started NM, I was already upstream for a library
in Debian that needed an update. ;-) So learn from my mistakes and don't
do things the hard way.

> I do not wish to dwell into accusations and blames for documentations
> and such, if this is what you concluded from my previous email then
> you have spelled my intentions wrong.

I did not conclude that.

> Maybe it was my mistake to submit the new package (0.9.5) and also go
> all over again about creating a package while I already started
> working on it in previous versions (0.9.3 and 0.9.4) - so for that I
> am sorry, it seemed to have fired up an uncalled-for argument about
> the package building.

I'd take that as a hint that you ought to consider learning how things
work using a different package as your starting point.

I'm not going to advise you on daloradius for a couple of reasons:
1. I don't generally sponsor PHP anyway (I will but only if the
maintainer convinces me that s/he has a firm grasp of the issues
involved, which you have not done.)
2. I don't think daloradius is the right package for you to maintain
right now and therefore cannot be the right package for me to sponsor.
Come back to it once you have learnt a lot more about Debian by
packaging at least one different package that is not written in PHP.

As far as PHP goes, convenience (of programming) is very definitely the
enemy of security. (Yes, I do write PHP, I do know at least some of the
problems inherent in that language. No, I would not dare inflict my PHP
on Debian as a package, I stick to the few web servers to which I have
root access so that I can step in and rescue it when things go wrong.)

Leave daloradius behind - forget it completely. Move on to a different,
preferably compiled, package and restart with the NM guide. Don't even
revisit daloradius packaging until you have had at least one non-PHP
package successfully sponsored and bug free in Debian testing.


Neil Williams
