Bug#369886: [Pkg-dspam-misc] Bug#369886: [dspam-dev] Debian Patches
for a couple of bugs.
Matthijs Mohlmann
matthijs at cacholong.nl
Wed Jun 21 06:32:31 UTC 2006
Daniel Kahn Gillmor wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi Jesus--
>
> [Moving this discussion to the debian bug tracker, since it's now more
> about debian packaging than upstream]
>
> On June 19, jesus.climent at hispalinux.es said:
>
> > On Mon, Jun 19, 2006 at 01:25:55PM -0400, Daniel Kahn Gillmor wrote:
> >
> > > On June 19, jesus.climent at hispalinux.es said:
> > >
> > > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=369886
> > >
> > > a variant of this patchset was already submitted on this list [0] (it
> > > was the command-line argument variant), and is probably indefinitely
> > > on hold for upstream due to a couple reasons:
> > >
> > > 0) jonz seemed unconvinced [1] that dropping privileges in the way i
> > > suggested would be sufficiently secure to avoid exploitation
> > > (though i confess i didn't understand his argument)
> > >
Do you have a pointer to his explanation ? And yours ?
> > > 1) jonz and myself were unfortunately unable to come to a
> > > mutually-satisfactory agreement about copyright assignment :(
> >
Same goes for me.
> > Ok, i will tag it wontfix, then.
>
> If you think that's the best way to go for this bug, i'll stick with
> your decision. But i'd like to continue to consider it for debian, at
> least.
>
> If the concern is the copyright assignment issue, that shouldn't have
> any bearing on the patch's integration with debian. jonz has only
> stated that he won't accept copywritable contributions from me
> upstream without giving him full copyright assignment. The patch
> itself is offered under the GPL, so i wouldn't think there would be a
> problem with debian using it.
>
The source of dspam is released under the GPLv2, so it won't give a
problem to apply a patch that is offered under the GPL.
> If the reason is the security argument, can you help me understand
> what the issue is with the patchset? I'd like to try to fix it, if
> possible.
>
> > I went through the list of bugs to do the upload asap.
>
> That sounds great! Thanks for doing it.
>
> --dkg
>
Hi,
I like your patch and your proposal, and would like to see this in
Debian, but doesn't this interfere with the patch: add-config-dir.dpatch
? And is there a possibility to write some documentation around it (in
NEWS.Debian or README.Debian for example ?
Regards,
Matthijs Mohlmann
PS: Did this conversation took place at the mailinglist of dspam ? I
believe I missed something...
More information about the Pkg-dspam-misc
mailing list