[DC LoCo] Please Explain This Bug

Dan Chen seven.steps at gmail.com
Sun Jan 29 16:55:08 UTC 2012


On Jan 29, 2012 10:55 AM, "Ken Stailey" <kstailey at yahoo.com> wrote:
>
>
>
> Hi,
>
> The bug is well known and has both Debian bug numbers and Launchpad bug
> numbers.  The Launchpad one is
> https://bugs.launchpad.net/bugs/423252
>
> The bug was introduced in Ubuntu 9.10 Karmic and still persists in Ubuntu
> 12.04 but in an even worse state.  Prior to Ubuntu 12.04 it was possible to
> work around it but the workaround no longer functions.
>
> What works is an incredibly small patch which removes a single function
> call.  I do not fully understand the security implications of this yet but
> I do know that the patch remediates the bug without causing our environment
> any additional regressions.
>
>
> The Ubuntu bug is over 800 days old.
>
> I did a branch merge proposal into that bug which has yet to generate any
> feedback.
>
> Please explain why Ubuntu has such chronic bugs.

NB: I speak only as a volunteer Ubuntu core-dev.

Firstly, that patch clearly is not maintainable for a standard release,
much less an LTS, based solely on the author's comments and testing. Not to
say anything of the actual security ramifications, since libgcrypt is used
quite heavily as a dependency across the Debian and Ubuntu archives. I'm
happy to explain why initialization failure paths and memory handling are
nasty, but that really is a separate email.

Secondly, while this particular set of manifestations seems critical to
your use case, it is hardly chronic or specific to Ubuntu. This symptom
appears everywhere in anything involving humans, and you know of it as
resource prioritization. There are many ways to escalate the priority, and
most of them involve tossing money and knowledgeable developers at the
software stack. And, in my experience, it requires a lead developer
unafraid of alienating users. Ego is sometimes a necessary evil.

In short, to fix this problem properly, you would need to ensure that all
layers in the stack are fixed AND don't regress. That is a long tail
problem. Cheers.

-Dan