On Fri, May 25, 2001 at 01:55:35AM -0700, Jacob Meuser wrote: > > > Well, you /could/ just check their sources. They're on the web you > know. http://www.openbsd.org/cgi-bin/cvsweb/ They're published > in public, what more do you really want? It's pretty easy to find > out when and who made changes to a CVS repo, and they're pretty > particular about proper Changelogs.
yes and how many distros/OSes, and other possible places are there where a given peice of Free software is living in CVS, having bugs fixed. can you really expect the upstream maintainer to spend all there time running around checking changelogs and cvs diffs of x many different CVS repos? do you really expect some upstream maintainer to regularly check all changes to his program in: OpenBSD's CVS FreeBSD's CVS NetBSD's CVS Redhat's rpm patches Mandrake's rpm patches Debian's patches ... ... ... ... i suspect they don't have time for that. when debian fixes a serious bug in a package they send the patch upstream, its just common courtesy. a courtesy OpenBSD seems to lack, but then that gives them an edge and opertunity to brag when the bug is found by everyone else eventually. > Well, to some degree this may be true. Sometimes the OpenBSD > developers, Theo de Raadt in particular, kind of come off as rude > and pretentious. Just check the [EMAIL PROTECTED] mailing list archives > for some entertaining flames :) oh i am well aware of Theo's legendary reputation for being a complete bastard, but i don't really think the samba maintainer is going to leave a security hole unpatched just because Theo has an abrasive personality... -- Ethan Benson http://www.alaska.net/~erbenson/
pgpiD4FGZrPht.pgp
Description: PGP signature
