Marc Haber wrote: > On Sun, 06 Jul 2003 11:03:37 +0200, Thomas Viehmann <[EMAIL PROTECTED]> > wrote: >>*Look* at #198311 and search for debian-devel and then ask yourself why Marc >>thinks that -devel should only be used as a forum to discredit ftpmasters >>work, >>and not as a place where ITPs should be reviewed. > That was indeed an omission, caused by the fact that I filed an RFP > first and later retitled the bug to ITP. Surely you never make any > mistakes. I make a lot of mistakes. (That's why I prefer working on computers/math over things like medicine.)
In fact, I made a similar mistake with the ITP of libchipcard (IIRC) because the X-Debbugs-CC got lost because I usually call reportbug -p and copy stuff into my mailclient when reporting bugs. (And it might be a reasonable idea to investigate posting ITPs on debian-devel by other means than the X-Debbug-CC-Header so such obmissions are impossible). However, I sincerely believe that without this obmission, the ITP might have been shot down (or held reasonable) before the upload (and possibly before the creation) of the package. Thus (leaving the style issue that upset you aside) I think that the (technical) merit of your complaint is somewhat limited. As far as the eicar license is concerned: Is it really that difficult to obtain a statement from eicar on whether or not they believe that the test file is copyrightable and maybe a general permission to distribute the file? From your comment I guess you tried, but quite possibly they understand better Debian's concern about licensing with all the publicity the SCO lawsuit has. That said, I see additional issues with the inclusion of the eicar file (aside from the obvious point that probably it'd rest just as well in another package containing a virus scanner): Debian mirrors and CDs will be quite possibly be identified as carrying virii. Quite possibly, it's reasonable to "obfuscate" (in a documented way) the file (e.g. xor it and provide a program for decryption) or include a script or download instructions rather than the file itself. Possibly, even the original installer package looks a lot less silly on second thought. Cheers T.
pgpIIa5GHxRAZ.pgp
Description: PGP signature