{"id":360,"date":"2008-05-17T23:05:26","date_gmt":"2008-05-17T21:05:26","guid":{"rendered":"http:\/\/daniel.haxx.se\/blog\/?p=360"},"modified":"2008-05-19T11:13:59","modified_gmt":"2008-05-19T09:13:59","slug":"blaming-debian-packaging","status":"publish","type":"post","link":"https:\/\/daniel.haxx.se\/blog\/2008\/05\/17\/blaming-debian-packaging\/","title":{"rendered":"Blaming Debian packaging"},"content":{"rendered":"

I happened to read the blog post called Open-Source Security Idiots<\/a> which really is having a go at the poor Debian maintainer of OpenSSL<\/a> for causing the recent much debated OpenSSL security problem<\/a> in Debian<\/a> and Debian-based distros.<\/p>\n

While I think the author Steven J. Vaughan-Nichols is mostly correct about his criticism, I think he’s being far too specific and trying to pinpoint Debian and claiming that to be a single specific bad distro (and his additional confused complaint on Firefox vs Iceweasel just made the article lose focus).<\/p>\n

As someone who’s involved in a bunch of projects that are being packed by a range of Linux distros, I can’t but to disagree. This habit of changing packages without passing the changes upstream<\/a> is wide-spread and not limited to changes done by maintainers since it also includes mere bug reports<\/a>. It is something that just about every distro<\/strong> is doing to at least some extent. It varies from package to package and over time, but given an overview I honestly can’t say that there’s a single specific distro that is worse than the others. It is a disease that follows the distros and we must all help out to exterminate it.<\/p>\n

Of course, the upstream projects also need to be aware of this and help pushing packagers of their software to behave.<\/p>\n","protected":false},"excerpt":{"rendered":"

I happened to read the blog post called Open-Source Security Idiots which really is having a go at the poor Debian maintainer of OpenSSL for causing the recent much debated OpenSSL security problem in Debian and Debian-based distros. While I think the author Steven J. Vaughan-Nichols is mostly correct about his criticism, I think he’s … Continue reading Blaming Debian packaging<\/span> →<\/span><\/a><\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,14],"tags":[150,421,193],"class_list":["post-360","post","type-post","status-publish","format-standard","hentry","category-development","category-linux","tag-debian","tag-linux","tag-openssl"],"_links":{"self":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/360","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/comments?post=360"}],"version-history":[{"count":0,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/posts\/360\/revisions"}],"wp:attachment":[{"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/media?parent=360"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/categories?post=360"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/daniel.haxx.se\/blog\/wp-json\/wp\/v2\/tags?post=360"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}