Thunderbird bz 579023 still not fixed even though there is an upstream fix available
kevin.kofler at chello.at
Fri Apr 30 06:04:04 UTC 2010
Christopher Aillon wrote:
> You really don't see the value in having the engineers that own the code
> give technical review?
I don't think this should be a requirement for each and every patch to ANY
It is generally not necessary and delays fixing bugs a lot.
> Anyway, it's unfortunate that this really isn't done more often. I
> really think that as a project, we'd be doing a lot better if we
> mandated upstream review before applying patches to any package if you
> aren't an upstream maintainer of the code. As it is now, it's somewhat
> scary to think how many packagers would take a bugfix patch and apply it
> without being able to figure out if there's a potential hidden exploit
> in it...
And you think the average upstream is any better at this? Seriously?
More information about the devel