Re: Processed: severity of 818217 is grave

To: david.aitcheson@gmail.com, Debian Bug Tracking System <owner@bugs.debian.org>, Moritz Muehlenhoff <jmm@inutil.org>, Colin Tuckley <colint@debian.org>
Cc: debian-hams@lists.debian.org
Subject: Re: Processed: severity of 818217 is grave
From: John Paul Adrian Glaubitz <glaubitz@physik.fu-berlin.de>
Date: Thu, 2 Jun 2016 10:48:26 +0200
Message-id: <[🔎] 91e73d11-8a54-8583-bfe3-8f1d4e0005c8@physik.fu-berlin.de>
In-reply-to: <[🔎] 574F89C2.4050005@gmail.com>
References: <E1b89K7-0006jQ-K7@inutil.org> <[🔎] handler.s.C.146479973417496.transcript@bugs.debian.org> <[🔎] 574F89C2.4050005@gmail.com>

On 06/02/2016 03:20 AM, David A Aitcheson wrote:
> This problem was reported upstream and has been worked on.

But it has not been resolved yet in the Debian package which is the whole point.

> Additionally it IS NOT a Xastir problem; it is a "Jasper is not going to be available" problem.

Yes, but that is still a problem with Xastir in Debian because it build-depends on a library
which is no longer maintained and therefore a potential security problem. This is why Debian
is removing this library and any other package depending on Jasper is getting a bug report
to remind the maintainers to work on it.

> The SOLUTION is for people to learn how to pull Xastir from CVS and build on each platform that they use.
> 
> Why? Because it is ALREADY FIXED in the CVS available source code.

How is this relevant? The only thing that is of concern for Debian is the version currently in Debian.

> Also note that Xastir is a HAM RADIO OPERATOR USE ONLY program.

Completely missing the point. Debian is concerned of the security of all packages we are shipping,
not just the popular ones unlike other distributions. If a package does not have the release criteria,
it will be removed from testing. Period.

> The Xastir team has _many Wiki's_ and numerous people willing to help those that ask for it nicely.

Again, completely irrelevant.

> Moritz, whatever version you are using is no longer valid unless you pulled it from CVS since 1800 UTC today (01June2016). Yes, the development is that active.

Moritz is not using anything. He is concerned about security, that's what he is doing in Debian. He
couldn't care less about what you are doing in your upstream project.

> The developers DO NOT create any packages for any distributions at all; the packages in the distributions are done by those that volunteer time out of very busy
> schedules.

You think Moritz doesn't know that? Did anyone here ever claim the opposite?

> My suggestion to you, provided you are a Licensed Ham Radio Operator is that you join the Xastir mailing list / reflector at
> http://xastir.org/mailman/listinfo/xastir and also read over the Wiki's available via Xastir.org.

Again, you are completely missing the point. Moritz is not a user. He is concerned about security
in Debian. The current state of Xastir in Debian makes it unfit for release which is why this
bug report exists in the first place.

Please don't accuse others of ignorance when clearly you're the one who is being ignorant since
you apparently don't understand why this bug report was filed in the first place.

> David Aitcheson - KB3EFS

Adrian Glaubitz - DL7YZ

-- 
 .''`.  John Paul Adrian Glaubitz
: :' :  Debian Developer - glaubitz@debian.org
`. `'   Freie Universitaet Berlin - glaubitz@physik.fu-berlin.de
  `-    GPG: 62FF 8A75 84E0 2956 9546  0006 7426 3B37 F5B5 F913

Reply to:

References:
- Processed: severity of 818217 is grave
  - From: owner@bugs.debian.org (Debian Bug Tracking System)
- Re: Processed: severity of 818217 is grave
  - From: David A Aitcheson <david.aitcheson@gmail.com>

Prev by Date: Processing of xastir_2.0.6-5_amd64.changes
Next by Date: Bug#818217: marked as done (xastir: Jasper removal)
Previous by thread: Re: Processed: severity of 818217 is grave
Next by thread: Processing of fldigi_3.23.10-1_amd64.changes
Index(es):
- Date
- Thread