The trojaning of mICQ
The trojaning of mICQ
Posted Feb 22, 2003 0:38 UTC (Sat) by proski (subscriber, #104)In reply to: The trojaning of mICQ by Steve_Baker
Parent article: The trojaning of mICQ
In my not so humble opinion, Debian owes Mr. Kuhlmann an apologyThat would be the case if Mr. Kuhlmann didn't act in such a childish way. Even adding the same warning code without obfuscation would have made a better statement.
When Opera developers were upset about MSN serving broken pages, they released the "Bork" edition, but they were open about the changes they made. It's not like "borkifying" MSN was an undocumented feature of an official release.
Besides, if Mr. Kuhlmann was upset about Debian distributing old versions of micq, he should have encourage the Debian maintainer to upgrade. Mining the new version to protest against distributing old versions is preposterous. The result of his actions is that the future maintainer will be pretty much discouraged from grabbing the next version without doing a very careful audit of the changes.
Posted Feb 22, 2003 2:11 UTC (Sat)
by Steve_Baker (guest, #265)
[Link] (2 responses)
You cannot justify Debians' actions just because you don't agree with
the developer. It would have been better perhaps if he had found some
other way to get his point across, but I don't believe for a minute that
he hadn't already exhausted most "diplomatic" methods before doing
this. Don't forget that he would be helpless to stop the debian maintainer
from removing his bitch message, which was the whole point of obfuscating
it and waiting for a specific date in which to appear. He did that
precisely because the Debian maintainer has the power to shut him up as it
were. Remember that the Debian maintainer was roundly criticized for
effectively failing to do so. Regardless of his so called "childishness", Debian made the greater
error in removing his name from the copyright file. That is not
excusable, and his later actions do not change the fact that Debian owes
him an apology. And I stand by that assertion.
Posted Feb 22, 2003 20:51 UTC (Sat)
by mongre26 (guest, #4224)
[Link]
It is the responsibility of the maintainers/users of the software to use it responsibly. If they do not like his features, they should not use his software. It is their choice. The removal of the name from the copyright is the big issue here. That is expressley prohibited under copyright law and illegal in countries that have signed international copyright agreements. The maintainer should be severely chastised for this, even more so since he is ostensibly a supported of software libre. As far as this being some tip of the iceberg situation as the original LWN editor suggested, please, enough with the scare mongering. There is nothing new here save perhaps people had their assumptions challenged. Using software, commercial or open source is a calculated risk. There are no guarantees. However I would suspect that we have much more to fear from incompetence than malice when it comes to software.
Posted Feb 24, 2003 2:03 UTC (Mon)
by Duncan (guest, #6647)
[Link]
The trojaning of mICQ
I agree Steve, the developer can add any features to his program he wishes, no warranties expressed or implied. The trojaning of mICQ
<quote> The ethics of "trojaning" vs. stealing code.
Regardless of his so called "childishness", Debian made the greater error in
removing his name from the copyright file. That is not excusable, and his later
actions do not change the fact that Debian owes him an apology.
</quote>
Initially, I was asking myself what sort of irresponsible general maintainer this was,
to do what he did.
Then I realized the truth of the above. His name wasn't in the copyright file, so he
had every reason to assume none of his code would be in their version anyway.
Thus, he could write whatever he wanted and it wouldn't see the light of day,
because it wouldn't be triggered by being in their distribution, because they would
have removed it as code from someone not in the copyright file, rather than stealing
from him, which taking his code without attribution is, in effect.
Looked at it that way, all he did was prove that they were stealing his code, while at
the same time demonstrating a VERY important point about what he COULD have
done, the dangers that existed if someone were to exploit them, because the Debian
maintainer wasn't doing HIS job, but rather, was stealing from someone else, without
even crediting him for his contribution.
It's going farther than I would have. That's not my nature. However, I certainly
don't blame the general maintainer for doing what he did, because, indeed, he had
every reason to believe in good faith that none of his code was being included
anyway, because after all, the Debian maintainer certainly wasn't THAT unethical,
and CERTAINLY wouldn't include code stolen without attribution, would he?