the paragraph for the technical committee seems like a very good start. however, i request the following rewrite of the fourth sentance:
The submitter sees the getweb script's dependencies on external data/files as potentially dangerous. Once the package enters stable, upstream changes (moving/modifying files, etc.) can break functionality -- leading to a package that can no longer be considered "stable." External dependencies also potentially leave users vulnerable to security risks (the upstream site could be spoofed or hijacked and malicious files hosted instead of the legitimate firmware files). Also, the submitter views external dependencies as a possible violation of the spirit of the debian policy, which currently is not explicitly clear on the issue. Section 2.2.1 says "... the packages in main must not require a package outside of main for compilation or execution (thus, the package must not declare a 'Depends', 'Recommends', or 'Build-Depends' relationship on a non-main package)." This makes the policy clear about "packages," but it does not address dependencies on other external non-packaged non-free files. It is the submitter's belief that Debian's policy should be reworded for clarity on situations such as this. thank you for your consideration. i appologize for being difficult, but i believe that it is better to address the issue now, since the impending release forces action on the matter. i am certain that ignoring the problem will result in no action until the next release (1.5 years from now). i am not willing to wait. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
