[Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.

Daniel Kahn Gillmor dkg-debian.org at fifthhorseman.net
Mon Jun 19 19:18:41 UTC 2006 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Jesus--

[Moving this discussion to the debian bug tracker, since it's now more
about debian packaging than upstream]

On June 19, jesus.climent at hispalinux.es said:

 > On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote:
 > 
 > > On June 19, jesus.climent at hispalinux.es said:
 > >
 > >  > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886
 > > 
 > > a variant of this patchset was already submitted on this list [0] (it
 > > was the command-line argument variant), and is probably indefinitely
 > > on hold for upstream due to a couple reasons:
 > > 
 > >  0) jonz seemed unconvinced [1] that dropping privileges in the way i
 > >     suggested would be sufficiently secure to avoid exploitation
 > >     (though i confess i didn't understand his argument)
 > > 
 > >  1) jonz and myself were unfortunately unable to come to a
 > >     mutually-satisfactory agreement about copyright assignment :(
 > 
 > Ok, i will tag it wontfix, then.

If you think that's the best way to go for this bug, i'll stick with
your decision.  But i'd like to continue to consider it for debian, at
least.

If the concern is the copyright assignment issue, that shouldn't have
any bearing on the patch's integration with debian.  jonz has only
stated that he won't accept copywritable contributions from me
upstream without giving him full copyright assignment.  The patch
itself is offered under the GPL, so i wouldn't think there would be a
problem with debian using it.

If the reason is the security argument, can you help me understand
what the issue is with the patchset?  I'd like to try to fix it, if
possible.

 > I went through the list of bugs to do the upload asap.

That sounds great!  Thanks for doing it.

	--dkg

 > > [0] http://news.gmane.org/find-root.php?message_id=%3c17515.39819.64753.124171%40localhost.localdomain%3e
 > > [1] http://news.gmane.org/find-root.php?message_id=%3cB26CB601%2d821B%2d4B16%2d88CD%2dF8E29F9BAF49%40nuclearelephant.com%3e
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.8+ <http://mailcrypt.sourceforge.net/>

iD8DBQFElvhqiXTlFKVLY2URAhncAKCXNaMgLQZ5Z8hQD6Zp8l354EIeuQCeJL+r
zX4bcv/iFkMrYtFvVN9lfVA=
=QSqv
-----END PGP SIGNATURE-----

More information about the Pkg-dspam-misc mailing list