[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: negative vote for maintainer Michael Gilbert

Bartosz Feński <bartosz@fenski.pl> writes:
> W dniu 06.01.2012 18:51, Sergiusz Pawlowicz pisze:
>> On Fri, Jan 6, 2012 at 17:15, Russ Allbery <rra@debian.org>  wrote:

>>> If you have a Debian production environment of any appreciable size, it's
>>> well worth the effort to set up your own local repository.  At Stanford,????
>>> we end up wanting to backport random things, add local packages, or import
>>> packages from testing or unstable into stable all the time, and use our
>>> local repository extensively for that.

>> Yes, it is possible, but if there is no bug, I prefer to have a package
>> inside the distro, as by the scale of project, it is always possible
>> other bugs can be detected by other users.

>> Forking a project is always more risky.

> You learned us that there are unmaintained packages... what's more
> risky?

djbdns isn't unmaintained.  There's a disagreement between the package
maintainer and the security team over whether it should be in a Debian
release, since the package has a security weakness (which is inherently
unfixable in all implementations of the DNS protocol, but which can be
hardened against slightly in a way that the upstream for djbdns is not
interested in doing).

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: