Bug#530532: Policy violation

To: Philipp Kern <pkern@debian.org>
Cc: "530532@bugs.debian.org" <530532@bugs.debian.org>
Subject: Bug#530532: Policy violation
From: François Guerraz <kubrick@fgv6.net>
Date: Sun, 25 Sep 2011 21:14:57 +0100
Message-id: <[🔎] B27847A2-E1D9-4232-9A33-534A3ED1AADE@fgv6.net>
Reply-to: François Guerraz <kubrick@fgv6.net>, 530532@bugs.debian.org
In-reply-to: <[🔎] 20110925190619.GA5727@spike.0x539.de>
References: <FFE2E03F-2DF1-44D7-BF2A-AC99F279512A@fgv6.net> <[🔎] 20110925190619.GA5727@spike.0x539.de>

On 25 Sep 2011, at 20:06, Philipp Kern <pkern@debian.org> wrote:

> You can actually recompile them to ship with your own certs.  But you
> cannot quote non-existent configuration files not being in /etc as a
> reason for a policy violation and hence upgrade it to serious, sorry.
> 
> Kind regards
> Philipp Kern

Ok, so there's probably not such a thing as a bug in an open source software, because you can just fix it and compile it yourself.

I know that's it's a question of opinion and that it's probably never going to be fixed, but I strongly disagree with you: this is a big issue. It's not Debian's fault, I know that, but if you want Debian to be consistant, you can't have certificates bundles everywhere in the system, the recent Diginotar issue proves it again : you guys had to upload a shitload of packages just to remove one single CA, sometimes with several days of interval.

I find it ridiculous, unsafe and messy. In my opinion it should be adressed and would definitely make Debian a better system.

I acknowledge you are really making a good job with Debian, so I don't mean to be rude...

Regards,

François.

Reply to:

References:
- Bug#530532: Policy violation
  - From: Philipp Kern <pkern@debian.org>

Prev by Date: Bug#637004: qtwebkit: FTBFS on s390x: needs some adjustments
Next by Date: Processed: Re: Bug#530532: Policy violation
Previous by thread: Bug#530532: Policy violation
Next by thread: Processed: Re: Bug#530532: Policy violation
Index(es):
- Date
- Thread