
Re: negative vote for maintainer Michael Gilbert



On 01/05/2012 06:34 PM, Sergiusz Pawlowicz wrote:
> I am allowed to describe things as they are,
> without a special permission or holding Companion of Honour medal.

1/ The way you describe things will always be your view, you can't
just say that it is the holy truth, it's only your opinion, and others
may not agree, and will reply to you if they don't.

2/ You are allowed to write whatever you want on all Debian lists,
they aren't moderated. I don't think anyone has ever written to
you that we forbid you to write this or that. You can also:
- swear at, or insult readers or contributors
- write in bold high caps letters
- point fingers at bad $maintainer and say he is an incompetent
- say that all members of the $team are incompetent as well and
don't understand any point of a discussion
- etc.
(please don't write back that I'm saying you do, I'm just stating
that you CAN if you want to, I'm not saying something else.)

But "allowed" doesn't mean that this is the right thing to do.

> About bug #516394 - it cannot be patched, as nothing is broken.

Oh, that's what I thought. I read the bug report, and remembered
that djbdns was one of the very few resolvers that wasn't affected
by the poisoning issue when it was discovered. I'm not sure though,
I didn't read so much about it.

But you know, over the years, software from DJB has gained a
very bad reputation in Debian, mainly because of Qmail, which
had many flaws (like differed bounce messages), because DJB
refused to ship it in an open way which prevented Debian from shipping
it into main (it was in non-free for a long time) and that didn't
get attention from its author who behaved in a non-responsive,
non-responsible manner to the issues. So it's not surprising at
all to see that the software received the same careless support
from the security team, which is very busy, and lacks manpower.

Yes, it's a shame. Yes, it should have been better. Luckily, it's not
like that in all areas of Debian. And anyway, you can make a big
list of issues in Debian, there's lots of them, for sure. But shouting
about them and pointing fingers is pointless, it won't solve issues.

> A package maintainer had enough time to convince the Security Team they
> are wrong. But it fits in the point e) - it requires strong effort, as
> the Security team seems to be immune to arguments, similar to most
> of the discussants in this thread.
>   
I agree that the security team isn't as efficient as it should be
(in fact, in a way, it never will be, as any given minute a
security issue isn't addressed, there are consequences),
but that's mainly because of a lack of manpower. Again,
you are free to contribute and change things, I'm 100% sure
that the security team will be happy to receive help (they
always do)!

Thomas

