[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security upgrade for potato by new major version and distro change?

Good evening Matt and the list

On Tue, Jan 23, 2001 at 02:42:30PM -0500, Matt Zimmerman wrote:
> (why did you not post this to -devel? It is relevant to the thread...)

Becaus this thread is *lame* !!!

Debian has many maintainers who cannot programm or like me can programm perl 
and php (well enough to get paid for) it but have not much experience with C.

Those people can do nothing about a c++ security fix except crying out loud 
for help. (that came quickly by better maintainers)

You (plural, not you personally) can fire "us" or see that we're a well 
copntribution to the project. 

So... first choice will not happen, another choice is not there, so about what
we discuss? Agreeing that better programmerss are better maintainers. Agreed.
period. Any more points? Well.... I have to do:  I will *PACKAGE* now and
no longer discuss fundamental nonsense :-)

thanks and bye,


> > On Mon, Jan 22, 2001 at 06:32:36PM -0500, Matt Zimmerman wrote:
> > > If a maintainer cannot program in the language in which her package is written,
> > > how will she fix bugs, test patches, and generally understand how the packaged
> > > software works on the inside?  Such a maintainer is not a very effective one.
> > 
> > * A maintainer is not responsible to fix bugs in the code. He/She should package
> >   the code and make it public to the Debian users. 
> >   (Of course it's always nice to provide a patch myself but I don't package 
> >   to fix!)
> Perhaps they are not responsible, but maintainers have traditionally fixed bugs
> in upstream code, and helped to track down such bugs reported by Debian users.
> > * A maintainer is, also, not responsible for test the upstream patches. He
> >   tests them as good as he can and then goes back to his /debian directory
> >   again.
> I didn't restrict "patches" to "upstream patches".  What about Debian-related
> patches submitted by Debian users?  Those should not generally be forwarded
> upstream, but need to be read and tested before inclusion.
> > * And understanding how the software works generally and how the package is
> > organised (-> gnu autoconf etc) requires average programming knowledge in any
> > language. But finding the relevant and *not* documented line that is the
> > security fix in a .diff that's 100K (compressed!) requires more knowledge.
> > Such programmers should better write software instead of wasting their
> > knowledge in simply package already written software :-)
> In my message, I agreed with you that backporting a fix was not always within
> the scope of a maintainer's expected ability, but I think that programming is.
> -- 
>  - mdz

Christian Hammers    WESTEND GmbH - Aachen und Dueren     Tel 0241/701333-0
ch@westend.com     Internet & Security for Professionals    Fax 0241/911879
           WESTEND ist CISCO Systems Partner - Premium Certified

Reply to: