[pkg-dhcp-devel] Bug#672232: Bug#672232: Bug#672232: Bug#672232: Re isc-dhcp-client: method to ignore settings provided by the server

Michael Gilbert mgilbert at debian.org
Mon Nov 30 02:48:10 UTC 2015


On Sun, Nov 29, 2015 at 9:21 PM, Christoph Anton Mitterer wrote:
> On Sun, 2015-11-29 at 19:30 -0500, Michael Gilbert wrote:
>> Then you shouldn't use the Debian ntp package or any other Debian
>> package at all for that matter.
> Then I guess one can also close this bug as wontfix, suggesting any
> people not to use such packages or try to improve the situation within
> Debian.

To interpret that correctly, you need the prior context.  I'm wasting
my time explaining this, but here goes.  The point was that if you're
unwilling to trust the debian ntp pool, then you should also mistrust
the debian ntp package which by default chose that "evil" debian ntp
pool, and if you're so inclined to not trust debian packages like ntp,
then you might as well distrust all debian packages, and give up.
It's called reductio ad absurdum.  Please try to keep up.

>> Like I said, the security tag is for now removed because I am not
>> going to deal with it as a security issue until you defend it to your
>> peers.
> Who are my peers?

How can I possibly make it any clearer?  Go to oss-sec.  Those are
your peers.  Why is this so difficult?

>> I am not interested in looking at it because I am far beyond
>> my tolerance threshold with your behavior.
> "Your tolerance treshold" ... funny... but even if I'd be a jerk, other
> users will thank you for hiding the security issue away by removing
> tag, just because you don't like me.

I've clearly described how to get your precious merit badge back.  Why
are you unwilling to defend yourself against your peers?

>> Clearly prior behavior plays a huge role here.
> Well the only other
> matter I can remember where we have had more direct interaction was
> about the blob issues in chromium.

And you got that absolutely wrong too.  The chromium packages were not
built with native client, so the native client blob was totally inert.

> Anyway... since apparently this won't get solved, may I suggest that we
> close the bug as wontfix?

No, go to oss-sec and make your case.  You can earn your precious
trivial security tag by doing real quality analysis and defensible
work.

Best wishes,
Mike



More information about the pkg-dhcp-devel mailing list