Bug#789256: cmus: Pulls in unwanted and potentially dangerous DECnet packages through libroar2
Patrick Matthäi
pmatthaei at debian.org
Sat Jun 20 18:20:40 UTC 2015
Am 20.06.2015 um 19:51 schrieb John Paul Adrian Glaubitz:
ld the release back because of such ancient
>>> software?
>
>> OK, so lets drop iceweasel? This is definitly offtopic here
>
> No, we dropped sparc as a release architecture as a result
> in case you missed that.
Because of roaraudio? Oh no? Ok this is a realy related issue here... X
affected Y and Z was the result, so roaraudio is affected. Please
discuss this with the iceweasel team if you have got enough free time.
>
>>> They introduced automatic removal of packages affected by RC bugs
>>> for this very reason and the fact that DECnet is no longer
>>> maintained means that ROAR is permanently at risk being affected
>>> by RC bugs unless you think you can fix vulnerabilities or other
>>> serious bug in an ancient networking stack.
>
>> Lets drop package XYZ: it may have got issues we didn't discovered,
>> yet..
>
> No, let's drop package XYZ which _no_one_ maintains both upstream
> and downstream. It's absolutely a common practice in Debian
> and happens all the time.
>
> Here are some examples:
>
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=206866
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=288112
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=179392
>> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=182434
You are just quoting mostly invalid closed reports which are as old as I
am :D And it is not my package, just FYI
>
> I'm sorry Patrick, but I am starting to have doubts that you
> know how to do a proper job as a maintainer. You apparently
> don't read bug reports (as shown above), you don't know the
> details about your *own* packages (you claimed that libdnet
> is not a dependency which is simply untrue) and you apparently
> have never heard that Debian does, in fact, remove packages
> that are either buggy or no longer in active upstream
> development.
You are open to post to d-d at l.d.o something like "pmatthaei is not able
to do Debian work". I will make your life a bit easier and CC'ing d-d now..
It makes no sense but it seems like this is the best way to follow an
issue to it's own .... .
>
> We may really need to forward this to the technical committee
> and ask them to make a decision over the removal of the
> DECnet dependencies in ROAR as you are apparently completely
> out of touch with reality.
Please, do it. But *again*: IMMEADITLY STOP(!) adding/quoting/responding
me for stuff where I never were responsible for! And also for things
like who is my "buddy" or not, especially if they do not know the person
at all..
I am just doing my Debian Developer work, also for the roaraudio
packages, but it looks again like you and Ron just want to fool.. .. ..
.....
--
/*
Mit freundlichem Gruß / With kind regards,
Patrick Matthäi
GNU/Linux Debian Developer
Blog: http://www.linux-dev.org/
E-Mail: pmatthaei at debian.org
patrick at linux-dev.org
*/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/attachments/20150620/cd570117/attachment-0001.sig>
More information about the pkg-multimedia-maintainers
mailing list