Core-Dev Application: Till Kamppeter

Till Kamppeter till.kamppeter at gmail.com
Wed Apr 2 16:28:10 BST 2008 

Soren Hansen wrote:
> On Wed, Apr 02, 2008 at 11:46:16PM +1100, Sarah Hobbs wrote:
>>> We advertise Feature Freeze as a rather hard deadline for getting new
>>> packages into the archive. People rushing to upload stuff moments
>>> before FF kicks in is not an uncommon phenomenon. There's a reason we
>>> don't release right after feature freeze :)  I happen to know that
>>> it's usually not particularly difficult to get an FF exception
>>> approved shortly after FF, but for someone who's never done that, it
>>> might appear differently.
>> I have to say that I have my doubts about this one, for a few reasons
>> that I can't put into words right now.
> 
> Yeah, I was a bit hasty there. Sorry.
> 
> I'm not saying I'd have done the same if I had been in Till's shoes. I
> wouldn't. I'd probably have asked the people on the motu-release team on
> IRC if they'd accept the package in a day or two and then write the FFe
> so that it was ready.
> 
> I'm just saying that I don't consider this as severe as you apparantly
> do.
> 
> 

As far as I remember the problems of the first uploaded packages were

- At least for some packages permissions and ownerships of some files
   were not correct and so the printers supported by them were not
   correct
- The config file with the default settings for the printer driver was
   located in /usr and world-writable

There was nothing which could break the system or a non-Brother printer, 
The only thing a malicious user could do by editing the world-writable 
file is making another user's print job coming out different as he 
wishes or not coming out at all.

The issue with the wrong permissions/ownerships of the driver files I 
could not test as I do not have any Brother printers. I assumed that the 
contributors have Brother printers to do the needed testing. Usually 
people who do contributions like this are motivated by the frustrating 
situation that their printers do not work.

For the world-writable file I got a fix already the following day. The 
permission/ownership problem took something like two or three weeks as 
interaction with people using Brother printers was needed.

As the contributors actually fixed the packages, I am confident that 
they do not work for Brother's competition.

    Till

More information about the Motu-council mailing list