[Pkg-games-devel] Another joiner!

[Steve Kemp]

  I was curious enough to join after seeing the message 
 posted to debian-devel for two main reasons:

    1.  I "maintain" a couple of games.
    2.  I'm curious about the security issues mentioned in
       the 'advert' mail.

  I've probably audited a large proportion of the games currently
 available in Woody, and frequently look over new games because
 they traditionally are an easy thing to examine and a rich
 source of security holes.

  (I think I've been responsible for at least 20 game-related
 DSAs in the past couple of years.  Including the first one of
 this year :)

  This is largely because many games are setgid(games) so
 they can write to global highscore files.  (Other cases
 are mostly gone.  Previously many games were setuid(0) to
 interface with svgalib, etc.)

  I've been tempted more than once to start a debate about
 global highscores.  I think that too many games are setgid
 for no other reason, and that in many many cases a Debian
 installation used for games is going to be a single-user system.

  If that really is the case then it might make more sense
 to patch games to save highscores somewhere beneath $HOME and
 drop the setgid bit wholly.

  Anyway the games I maintain are largely dead upstream, so
 I don't do a whole lot with them.  Every now and again I'll
 make a new upload to change the standards version, or tweak
 the menufile.  But otherwise I think I could say I'm not
 really maintaining them as such.

  I would imagine that one of the goals of the games list would
 be to update each game so that any member could upload them?
 Kinda like how GNOME, etc, work.  Is that the case?

  If so I'm happy to giveup sole maintainership of my games.
 Not a big deal since I have no real involvement with upstream
 anymore..

Steve
-- 
Debian GNU/Linux System Administration
http://www.debian-administration.org/