[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: netscape security hole

Dear friend,

On Thu, Aug 10, 2000 at 02:56:03PM -0400, Mike Werner wrote:
> > > format, but written by someone else.  So now I'm curious as to just what it
> > > takes to be considered to exist as part of Debian?
> > 
> > Please read the Debian Social Contract policy:
> > http://www.debian.org/social_contract
> I went and looked at that page, and lo and behold there's a whole slew of
> Netscape packages.  Just like the ones I've used to install Netscape onto my
> systems.  Oh, wait a minute.  Those *are* the packages I used.

You didn't read the social contract and I consider this childish, that you
even reply before that.

Quote from the social contract:
We acknowledge that some of our users require the use of programs that don't conform to the Debian Free Software Guidelines. We have created "contrib" and "non-free" areas in our FTP archive for this software. The software in these directories is not part of the Debian system

Can you spot that sentence "is not part of the..."?

It doesn't mean if you find on debian servers some software, that it immediately belongs to Debian OS. There is so much software that work on Debian and is not Debian.

I hardly suggest you, that you read that social contract.

> > If Netscape *would* exist in Debian, you would almost immediately find the
> > security alert on Debian site, first page.
> 
> I've received a number of recent security announcements via email
> (debian-security-announce email list) that have not appeared on that page. 
> Seems that Security blurb there isn't very up to date.

Please don't change my words. I told you if Netscape would be part of Debian OS,
that would be reported. If you see something which is wrong about security,
report it by yourself. 

> No, you don't.  Netscape has been packaged for Debian, in debs, available
> straight from the Debian ftp server.  That pretty much meets the test for
> existance in my book.

Using apt-get doesn't ensure at all that you use Debian OS. I have in my
/etc/apt/sources.list couple of third party references. That doesn't mean
I get Debian OS.

Please install the Virtual Mr. Richard Stallman on your system, the package
is called vrms. Run it, and it will tell you pretty much, which packages
are you running with licences which are not acceptable in Debian OS.

It is not fool-proof. Netscape and hundreds of other non-free programs,
aren't part of Debian.

> ii  netscape-base-47 4.73-19          4.73 base support for netscape
> ii  netscape-java-47 4.73-19          Netscape Java support for version 4.73
> 
> hey, wait a minute!  How'd Netscape get into that list?!?  It can't do that! 
> It's not part of Debian! 

Go and inform yourself what Debian is. Spare me of your irony.


Sincerely,
Marko Cehaja
Reply to: