If Apple said "hey we edited your app because we think it's more secure"...
People would have torches and pitchforks out.
But a deb maintainer does it and there is debate?
If there was a security issue then the insecure version should NOT be available. But again this is not the case.
In an App Store world, the role of maintainer has to change. The job is to make the software work with the distro, not keep the name and make some pseudo fork because you want it to be another way.
The fact that they are customizing the software is not really the issue. The issue is that they are making a change that will remove significant functionality and in some cases completely lock some users out of their password database, which is a huge deal. Imagine if you wake up tomorrow, run a software update and then can't log in to your bank?
I imagine the reason this has blown up so much is that the maintainer never reached out to the upstream about this, and was rude and condescending when upstream reached out to them.
The snark here is unnecessary and completely disconnected from how people use these systems in the real world.
Deferring to “it’s in the notes!” means nothing if you have more than a handful of packages on your machine.
You should also clarify the assertion that packaging affecting testing target won’t eventually hit stable, because that would be a major change that I haven’t heard about.
I've visited the App Store world, and my experience was that, weighted by how often packages appear in search results, the median is charitably described as "potentially unwanted", and honestly described as malware.