On upstream authors
I finally fixed a /tmp handling bug in one of my packages tonight after the upstream author didn't act on the bug report for a few weeks. After talking to Matt Zimmerman about security work a few weeks ago, I decided to look at my packages in detail and found a potential problem. Matt confirmed that it allows a DoS. Nothing terribly serious, but still an important bug that has to be fixed. So I forwarded it upstream, in the hope that upstream would fix it. However, from past experience, my expectations were low. Basically, most of the time I receive a bug report, I have to come up with a patch myself which I then forward upstream. I have no problem contributing to upstream, but after a few years it is getting quite tiresome that I have to fix most bugs myself and that there is almost no upstream development.

This entry is not supposed to be a rant, though. Instead, I'd like to thank all the active upstream authors out there, and there are some truly incredible people! A while ago I packaged a new tool and the author is fantastic. Every time I think of a new feature or a user requests something, I mention it to the upstream author, who usually mails me a few days later saying that a new upstream release is out. He is really incredible and it's so much fun working with him. In fact, I feel guilty sometimes because I have to do so little work myself, but on the other hand I do make important contributions (I wrote man pages which were integrated upstream, I worked on good integration of the tool with debian-installer, and obviously good integration with Debian itself, etc).