IN REPLY to Aaron Bauman that didn't keep me CC'ed as requested: >Is this coming from the same individual who would complain when security >bugs were not filled out properly in the summary? So, take a dose of >your own medicine here. People prefer usable reports that allow them to >solve problems.
First: we are talking about a different topic, so what happened in security context doesn't matter here. Second: I never complained about summary of security bugs, so since you said: "Keep it on the ML and people will have record." can you tell me where your statement is recorded? >Where was this positive feedback? As you stated on #gentoo-dev today you >don't really participate in the ML... so, I presume the positive feedback >came on IRC. Most of us don't scan those logs to "prove" such things. Keep it >on the ML and people will have record. By positive feedback I mean that the system worked and discovered bugs. >This shouldn't be "ago v toralf" This isn't ago v toralf and it never was unless you misunderstood. > Right now, it looks like that is mostly negative given the ML feedback. I really guess you have a distorted view of reality. >Frankly, if this is anything like your security efforts (re: fuzzing) >then I can understand the concerns people have expressed. >Please, stop with the "automate everything, open many bugs, and move on" >philosophy. It didn't work well in security and it won't work here. >Build a quality solution that makes an impact for the distro. Again, this is something not related of what we are talking about. Fuzzing research have been stopped over 3 years ago so what you're talking about? >ACK. This is the same level of coordination the security team received >when a multitude of bugs were filed once ago discovered fuzzing. Sorry, but I real do not have tracks of what you are talking about. > It was lots of bugs little information, inabilities to reproduce various >crashes, invalid ratings/severity levels, and often a blog that >simply regurgitated the same inaccuracies. Usually I don't partecipate in mailing list because it is a place where other can throw mud on others like this. Little Information? I do not guess so because the provided information were: 1) command to reproduce 2) stacktrace 3) affected version 4) fixed version 5) commit fix 6) reproducer 7) timeline > inabilities to reproduce various crashes If you can't reproduce a crash it is not my fault > Any attempt to ask/coordinate was met with lack of information or simply "see my blog" responses. Do you have a track of this? > The only time interaction occured was when bugs were closed due to invalidity, lack of information, or severity/ratings downgraded. Do you have track of this? In short, please remain on topic, if you have anything to say about other projects, feel free to open a thread where we can do a separate discussion ;) Thanks P.S. I don't know why but instead of seeing a constructive discussion I notice that there is always a bit of contempt about what others do, and this is really bad for an opensource community
