xchat and hexchat

Gianfranco Costamagna costamagnagianfranco at ubuntu.com
Mon Mar 12 15:17:55 UTC 2018


Hello,

>I've added this to the TB agenda. I imagine it'll take quite a bit of
>reading of the various references (I've added them to the agenda item)
>so appreciate you may not be able to decide by tomorrow's meeting.


just to give my quick maintainer point of view.

1) the security issues it has, are also applicable to hexchat (we will upload
a fixed hexchat soon, upstream after all this debate quickly found and fixed some issues
and released a new upstream tarball)

this said, the security issues, can crash hexchat or xchat if you connect to a malicious
server, sending non standard irc replies.
(so, an exceptional use case I would say)

2) the package is not upstream maintained but it is fully Debian/Ubuntu downstream maintained.
I did fix a lot of bugs, and did ~10 uploads in the archive, making it suitable again for
release (in my maintainer opinion, feel free to have whatever different opinion)

3) I still need to reproduce the ctrl+i crash, I failed so far
4) see my point here
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=891982#35
5) having 40 patches is a complete nonsense, what is the problem if somebody is willing to maintain
it that way?
would it be better if I create a new "upstream" release and upload a no-patch package? it would end
up in a similar result, I don't see the difference
6) I'm willing to maintain it for bionic lifespan.
7) people debating about something is not a good reason from stopping adoption or remove it
(cfr: init systems war :p )
8) both upstream/hexchat and Ubuntu/xchat maintainers opinion are biased, so, consider that here
I'm just making a point for xchat, not against.


just my .02$, feel free to do whatever your hat demands to do, I'll happily accept any decision
you will take on this matter :)
(I'll continue to maintain it in my ppa anyway, unless you ask me to stop doing it :p )

thanks for reading,
(Robie, please bounce the email in case it doesn't reach the two lists)

Gianfranco



More information about the technical-board mailing list