Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches for a couple of bugs.

Matthijs Mohlmann matthijs at cacholong.nl
Wed Jun 21 06:32:31 UTC 2006 

Daniel Kahn Gillmor wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hi Jesus--
> 
> [Moving this discussion to the debian bug tracker, since it's now more
> about debian packaging than upstream]
> 
> On June 19, jesus.climent at hispalinux.es said:
> 
>  > On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote:
>  > 
>  > > On June 19, jesus.climent at hispalinux.es said:
>  > >
>  > >  > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886
>  > > 
>  > > a variant of this patchset was already submitted on this list [0] (it
>  > > was the command-line argument variant), and is probably indefinitely
>  > > on hold for upstream due to a couple reasons:
>  > > 
>  > >  0) jonz seemed unconvinced [1] that dropping privileges in the way i
>  > >     suggested would be sufficiently secure to avoid exploitation
>  > >     (though i confess i didn't understand his argument)
>  > > 
Do you have a pointer to his explanation ? And yours ?

>  > >  1) jonz and myself were unfortunately unable to come to a
>  > >     mutually-satisfactory agreement about copyright assignment :(
>  > 
Same goes for me.

>  > Ok, i will tag it wontfix, then.
> 
> If you think that's the best way to go for this bug, i'll stick with
> your decision.  But i'd like to continue to consider it for debian, at
> least.
> 
> If the concern is the copyright assignment issue, that shouldn't have
> any bearing on the patch's integration with debian.  jonz has only
> stated that he won't accept copywritable contributions from me
> upstream without giving him full copyright assignment.  The patch
> itself is offered under the GPL, so i wouldn't think there would be a
> problem with debian using it.
> 
The source of dspam is released under the GPLv2, so it won't give a 
problem to apply a patch that is offered under the GPL.

> If the reason is the security argument, can you help me understand
> what the issue is with the patchset?  I'd like to try to fix it, if
> possible.
> 
>  > I went through the list of bugs to do the upload asap.
> 
> That sounds great!  Thanks for doing it.
> 
> 	--dkg
> 

Hi,

I like your patch and your proposal, and would like to see this in 
Debian, but doesn't this interfere with the patch: add-config-dir.dpatch 
? And is there a possibility to write some documentation around it (in 
NEWS.Debian or README.Debian for example ?

Regards,

Matthijs Mohlmann

PS: Did this conversation took place at the mailinglist of dspam ? I 
believe I missed something...

More information about the Pkg-dspam-misc mailing list