On Mon, May 21, 2012 at 04:03:37PM -0500, Jonathan Nieder wrote: > No, none of us are being paid for this. :)
Hello Jonathan, > I think everything would have gone more smoothly if you had said > "Fixing this properly is not my itch --- here's a patch to illustrate > the problem, and it works for me. I hope someone else can pick it up > and make a patch for integration". That would have saved time! No, that's not what I was trying to imply. I try to provide a patch which fixes the issue properly. However I didn't think that adding a flag to a Makefile which is supposed to be used to pass flags from the environment to the compiler is a change which could be rejected by upstream (or is not worth of inclusion in the Debian package if not checked with upstream). > I do certainly think that talking to upstream is often part of > proposing and advocating a change in a Debian package. It is not the > package maintainer's job --- it is the job of whoever wants the change > to happen. I've found missing hardening flags in dozens of packages and have provided patches (to the best of my ability and as small as possible) to fix the issue (almost all were integrated - also in upstream with the maintainer's help). But I don't have the time to try to discuss such changes with upstream first, before I open a Debian bug. > Thanks for your work, and hope that helps. > Jonathan Regards, Simon -- + privacy is necessary + using gnupg http://gnupg.org + public key id: 0x92FEFDB7E44C32F9
pgpROnMSUTQoK.pgp
Description: PGP signature
