[Secure-testing-team] Bug#797729: debian-maintainers: security not taken seriously

Richard Jasmin frazzledjazz at gmail.com
Wed Sep 2 03:18:10 UTC 2015


Package: debian-maintainers
Severity: critical
Tags: upstream security
Justification: root security hole


Oh, lookie another bug report by ME. Gonna close it? DO SO AT YOUR OWN PERIL.

This entire week has a SLEW of bug closures (started from me), and I can guess
why.

1) Y'all maintainers are too damn lazy (YAWN)
2) You REALLY DON'T GIVE A SHIT about SECURITY (Lying to people? HMMM...)
3) You think that these are not issues OR are beyond scope to fix (nothing is)

LET ME put you all straight AGAIN.
Security is PROACTIVE, not an afterthought.

You are either ahead of the curve, or falling behind. 1 or a 0.

Not only have I told you where the ISSUES are, I ALSO have proposed
RESOLUTIONS. Certainly some things take time to fix, but REFUSING to PROCEED has
more consequences than you know.

I'm not here to bash people into another language. Conversion is optional. BUT
IT IS MY DUTY to report where and why other languages SUPERSEDE and EXCEED
C. (And (Free)PASCAL does that very well)

I don't give a R-A if you like me, or what I have to say. It's backed by years of
programming experience, not OPINION. Don't think you're getting rid of me THAT
EASY.

Before you go hitting the whack-a-mole reply all or delete or close button,
know this.

REDHAT knows what I'm talking about. They are making DRASTIC code compile
changes with Fedora 23. If I were you, I'd try and figure out what they are
changing and why. They're obviously doing it for some reason. Then I'd try and
implement these changes myself.

Non-free devs know you don't have the source code. Just let them know about the
issue so they can fix it. It is up to the rest of y'all to fix the FREE stuff.
You have the sources. YOU HAVE the MAKEFILES. YOU CAN FIX IT.

Buggy apps like mupen64 are expected to be dropped until the programmer fixes
the SLOPPY code. It stack smashes. NO, it's NOT SUPPOSED TO. Until it gets FIXED,
it's SLOP.

But then again, you never bothered to check for things like that, did you? More
than likely, NOT.

So go ahead. Close me. Embarrass yourself further. I REALLY could care less. But
the world will know that at least I gave a SHIT enough to warn you.



-- System Information:
Debian Release: 8.1
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


