Daniel Kahn Gillmor wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Jesus--
[Moving this discussion to the debian bug tracker, since it's now more
about debian packaging than upstream]
On June 19, [EMAIL PROTECTED] said:
> On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote:
>
> > On June 19, [EMAIL PROTECTED] said:
> >
> > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886
> >
> > a variant of this patchset was already submitted on this list [0] (it
> > was the command-line argument variant), and is probably indefinitely
> > on hold for upstream due to a couple reasons:
> >
> > 0) jonz seemed unconvinced [1] that dropping privileges in the way i
> > suggested would be sufficiently secure to avoid exploitation
> > (though i confess i didn't understand his argument)
> >
Do you have a pointer to his explanation ? And yours ?
> > 1) jonz and myself were unfortunately unable to come to a
> > mutually-satisfactory agreement about copyright assignment :(
>
Same goes for me.
> Ok, i will tag it wontfix, then.
If you think that's the best way to go for this bug, i'll stick with
your decision. But i'd like to continue to consider it for debian, at
least.
If the concern is the copyright assignment issue, that shouldn't have
any bearing on the patch's integration with debian. jonz has only
stated that he won't accept copywritable contributions from me
upstream without giving him full copyright assignment. The patch
itself is offered under the GPL, so i wouldn't think there would be a
problem with debian using it.
The source of dspam is released under the GPLv2, so it won't give a
problem to apply a patch that is offered under the GPL.
If the reason is the security argument, can you help me understand
what the issue is with the patchset? I'd like to try to fix it, if
possible.
> I went through the list of bugs to do the upload asap.
That sounds great! Thanks for doing it.
--dkg
Hi,
I like your patch and your proposal, and would like to see this in
Debian, but doesn't this interfere with the patch: add-config-dir.dpatch
? And is there a possibility to write some documentation around it (in
NEWS.Debian or README.Debian for example ?
Regards,
Matthijs Mohlmann
PS: Did this conversation took place at the mailinglist of dspam ? I
believe I missed something...
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
