Do you think this is a security risk and if not is it a bad UI decision?

Toshio Kuratomi a.badger at gmail.com
Sun May 5 02:16:01 UTC 2013


On Sat, May 04, 2013 at 04:42:58PM -0600, Kevin Fenzi wrote:
> 
> If they do decide to keep the change, you could escalate it to FESCo. 
> However, (speaking only for myself here) I would be VERY reluctant to
> override maintainers on their packages on something that is a design
> decision/judgement call. Where would we draw the line? 

I think there is a line to be drawn somewhere.  And unfortunately, in some
packages, that line probably needs to get drawn further into what the package
maintainer and software author might consider their territory than others.

I suppose for me security is probably one criterion for drawing the line.
How many people the change affects is probably another one.  This particular
change seems to hit both those criteria.  Criteria that could ameliorate
those would be how easily users could use an alternative and whether the
change is being announced at a volume to suit the amount of change it
represents.  (Security might still trump those... but as adamw said, it's
likely to depend on how much less secure I might evaluate it to be compared
to how much other benefit the feature seems to bring).

-Toshio