[Foo2zjs-maintainer] Bug#449497: foo2zjs: application depends on non-free firmware

Michael Gilbert michael.s.gilbert at gmail.com
Sat Oct 25 20:25:05 UTC 2008


severity 449497 serious
tag 449497 -wishlist
thank you

ok, my point is that dependencies on external data/files are
potentially dangerous.  if the maintainer of the upstream site makes
changes (as has been done in the past with foo2zjs), then the package
no longer works as intended.  if someone replaces the upstream files
with malicious code, then you have a security issue.  both of these
problems are normally considered grave, and for good reason -- hence
this is a grave problem as well.  why would you risk exposing users to
these problems if you can take steps now to eliminate them?

debian main should have no external dependencies (that is what contrib
is for).  and maybe the text of the debian policy doesn't make this
100% clear right now, but it is within its spirit.  if it is too easy
to misinterpret the intent, then the wording should be updated for
clarity.

it is my belief that the getweb script must be removed from the package.




