Disabling of "wide links" violates "principle of least surprise"

Tue May 11 14:45:00 MDT 2010

On Tue, 2010-05-11 at 22:23 +0200, Alain Knaff (Samba Lists) wrote:
> >> Sorry to be so blunt, but I still get the impression that all this
> is
> >> more about ego than about "To serve our users best".
> > 
> > What ego ? Whose ego would be served by this ? That makes
> 
> I don't know. To me it looks like you're awfully defensive about this
> issue (not only here on the list, but also on the bug tracker), and
> nobody else on this list seems to be. I don't know why, but that's the
> impression I'm getting. Sorry if I was getting the wrong impression
> here...

I don't feel like I have to chime in every time Jeremy brings on the
Team view, but if you insist I was one of the proponents of this change
in accord with Jeremy and others and I strongly believe it was the right
one too.

> > no sense, sorry. It was the best decision we could make
> > to ensure default users are secure. Sorry you don't agree
> > but you didn't turn up when the original problem occurred,
> 
> Do you know how many packages are in a typical Linux distro? Are you
> really expecting people to monitor the boards and forums attached to
> all
> these packages, just in case a "bad" decision is made? With that kind
> of
> workload, nobody would have the time to use Linux...

Vendors do prominently warn when changes are made that causes a
different behavior, if your distribution doesn't do that, well, too bad.

> > and most comments from people who did were in favour of
> > the solution we decided.
> > 
> > If you want this changed, you'll have to get a majority
> > of people to agree with you,
> 
> Well, now we're 2 (Michael and me) versus one (you), with most others
> (apparently) not caring strongly either way. Unless I missed some
> threads, but that's why I was asking for a pointer.

We can't waste all our time to reply on a thread like this, from my POV
you can consider Jeremy's reply as representing the whole Samba Team
(see the team list if you want to count numbers).

> > including the security teams
> > of the major distributions, who reviewed our decision before
> > we made it.
> 
> Oddly enough, the distributions are blaming "upstream",

Sorry, can you define what are "the distributions" ?
I can tell you that Red Hat and Fedora are not blaming "upstream" given
they put effort in helping fixing this bug (I am the person that did it
for both so I can tell you).

I guess you refer to Ubuntu, well in this case I would suggest you tell
them to hire a Samba Team member and make him active in helping out with
security issues upstream so that next time they will be able to have
their say and participate in such decisions.

>  i.e. you (the samba developers)... As an outsider, it's sometimes
> hard to figure out who is right in this game of ping pong...

Upstream is always right of course :-D :-D

> > Do you normally find that insulting people works
> > to get what you want ?
> 
> ??? what is this doing in here?

Look at the top, your "bluntness" was not really kind, was it ?

Simo.

-- 
Simo Sorce
Samba Team GPL Compliance Officer <simo at samba.org>
Principal Software Engineer at Red Hat, Inc. <simo at redhat.com>