[Pkg-awstats-devel] Fwd: Bug#572353
Jonas Smedegaard
dr at jones.dk
Thu Apr 1 12:38:22 UTC 2010
On Thu, Apr 01, 2010 at 12:55:51PM +0200, Andreas Henriksson wrote:
>On Thu, Apr 01, 2010 at 12:38:20PM +0200, Jonas Smedegaard wrote:
>> Hi,
>>
>> On Thu, Apr 01, 2010 at 10:39:15AM +0200, Andreas Henriksson wrote:
>> >On Thu, Apr 01, 2010 at 12:15:30PM +0400, Sergey B Kirpichev wrote:
>> >>Can we make a point release? Do you think one isn't ready?
>> >>
>> >>There are a few easy-to-handle bugs (e.g., #572353, #415334), but
>> >>the freeze is coming...
>>
>> >My personal opinion is that aiming for perfection is wrong,
>> >we should only consider if the current state is an improvement or not.
>> >I think it is, but it would be very nice if Jonas with his
>> >historic knowledge about the awstats challenges could find
>> >time to review the package and maybe iron out any critical issues
>> >before we go ahead.
>>
>> Improved *functionality* might be weakened *security*.
>>
>> I might be wrong (and apologize if so - Sergey has put tremendous
>> work into improvements here), I just fear that extending to support
>> multiple config files has stolen focus from the IMO bigger issue of
>> keeping data secure by default.
>
>I'm not aware that any of the less than optimal alternatives
>to read the apache2 log files has actually been implemented..

Right. I see that now.

I confused two separate issues:

1) handling multiple config files
2) ways for wider access to output out-of-the-box

Only 2) is (highly) security-related.

I dislike how the new debian/update.sh hides all output (including
potential errors) and uses ls (which is IMO not as reliable as e.g.
find). But that's more stylistic and shouldn't delay release.

I still am uncertain of the actual production quality of the current
packaging code, but instead of waiting any longer I have now released
for experimental, to allow more users to test and report back.

>> >If you need any assistance in getting the package uploaded,
>> >feel free to poke me and I'll help out. I guess you might
>> >need sponsorship?
>>
>> I am Debian Developer. "Sponsoring" is for packages created without
>> connections to Debian getting injected into Debian, not for teams
>> which have Debian Developers involved.
>
>I was thinking about Sergey. AFAIK he's not a DD. I know you are. :)

Ah, then it's just a matter of the term used:

If you'd written "I guess you need help actually releasing" then I agree
and wouldn't have commented on it. :-)

- Jonas

--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private