
Xscreensaver Author: “Please Remove XScreenSaver from Debian Linux” - djvdorp
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819703#158
======
JetSpiegel
Previously:
[https://news.ycombinator.com/item?id=11412081](https://news.ycombinator.com/item?id=11412081)

------
ajnin
The message is perhaps a bit rude but the proposed patch is a real dick move,
it would remove the warning while keeping all the contact info etc inviting
users to send bug reports to upstream for this outdated version (which is what
prompted him to add the warning in the first place).

Debian needs to realize that this is their problem too, often packages that
are included as part of a new Debian release are already several month or even
years out of date. I know Debian values stability above all but come on.

------
jmount
I like how they argue it would be less work to patch around the "out of date"
message (and then maintain a fork) than to just update XScreenSaver. By Debian
logic wouldn't they have to wait forever to take their own patch? Or better
you why don't they claim they have already patched it out- but it isn't in the
distro just yet!

~~~
awinder
Nope, because patch code written by a bunch of package maintainers is
obviously more trustworthy than code written by the original author. DUH!
/sarcasm

~~~
LoSboccacc
Yup
[https://www.schneier.com/blog/archives/2008/05/random_number...](https://www.schneier.com/blog/archives/2008/05/random_number_b.html)

~~~
icebraining
Actually, the Debian maintainer that made the buggy patch is also a member of
the OpenSSL dev team, so technically they are just as trustworthy :)

------
icebraining
Previous discussion:
[https://news.ycombinator.com/item?id=11412081](https://news.ycombinator.com/item?id=11412081)

------
jstewartmobile
It's not until message #245(!) that anyone sounds even remotely reasonable:
[https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=819703#245](https://bugs.debian.org/cgi-
bin/bugreport.cgi?bug=819703#245). The whole thread really makes me wary of
using Debian.

