Re: negative vote for maintainer Michael Gilbert
Bartosz Feński <email@example.com> writes:
> W dniu 06.01.2012 18:51, Sergiusz Pawlowicz pisze:
>> On Fri, Jan 6, 2012 at 17:15, Russ Allbery <firstname.lastname@example.org> wrote:
>>> If you have a Debian production environment of any appreciable size, it's
>>> well worth the effort to set up your own local repository. At Stanford,????
>>> we end up wanting to backport random things, add local packages, or import
>>> packages from testing or unstable into stable all the time, and use our
>>> local repository extensively for that.
>> Yes, it is possible, but if there is no bug, I prefer to have a package
>> inside the distro, as by the scale of project, it is always possible
>> other bugs can be detected by other users.
>> Forking a project is always more risky.
> You learned us that there are unmaintained packages... what's more
djbdns isn't unmaintained. There's a disagreement between the package
maintainer and the security team over whether it should be in a Debian
release, since the package has a security weakness (which is inherently
unfixable in all implementations of the DNS protocol, but which can be
hardened against slightly in a way that the upstream for djbdns is not
interested in doing).
Russ Allbery (email@example.com) <http://www.eyrie.org/~eagle/>