Fwd: Bug#931965: New Debian package squashfs-tools-ng_0.4.2

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Bug#931965: New Debian package squashfs-tools-ng_0.4.2

Phillip Lougher-2
Sort this out please.

Background.  squashfs-tools-nt had/has a statement I consider
defamatory to me as maintainer of Squashfs-tools.  He also made
defamatory statements on your mailing list.

See:

https://www.mail-archive.com/debian-bugs-dist@.../msg1690835.html

I asked if the Debian package repeated this libel, and it apparently
does.  See below.

Your maintainer than repeats the assertion that I am a dormant maintainer.

This I consider extremely inappropriate and an additional libel and provocation.

I am not sending these emails out of choice.  In over 30+ years of
open source development this is the first time I have had to do so.
But on-line false statements are dangerous - if they are not dealt
with, they have a tendency to become widely believed as fact.

I am still the maintainer of Squashfs (both in the kernel and of the
tools), and I have never believed or indicated otherwise.

I have been active over the last couple of years, submitting kernel
patches and bug fixes to the squashfs-tools, and dealing with issues
and pull requests and emails.  I will offer a couple of URLs below,
but, I do not believe I need to prove myself here, quite the opposite.

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a3f94cb99a854fa381fe7fadd97c4f61633717a5

GitHub repository https://github.com/plougher/squashfs-tools

I will freely admit I have not been as active as I used to be - mainly
concentrating on essential security fixes, bug fixes and
correspondence.  But there is a big difference between this and being
"shamed" publicly as an inactive and dormant maintainer.  It is this
which I object to most strongly, and I consider defamatory.

This reduction in involvement has not been out of choice, but as a
consequence of taking on demanding roles in my day job.  I am
currently the Kernel Maintainer for Redhat Enterprise Linux 8 (and
have been for RHEL5 and RHEL6), this is a job where spare time is more
a concept than a reality.  So I have worked extremely hard keeping my
level of involvement in Squashfs.

I do not have any more to say, except I take damage to my reputation
seriously.  I hope this situation can be resolved amicably.

Dr Phillip Lougher
Squashfs Author and Maintainer





--------- Forwarded message ---------
From: Phillip Lougher <[hidden email]>
Date: Sun, Jul 28, 2019 at 2:42 PM
Subject: Re: Bug#931965: New Debian package squashfs-tools-ng_0.4.2
To: László Böszörményi (GCS) <[hidden email]>


On Sun, Jul 28, 2019 at 11:30 AM László Böszörményi (GCS)
<[hidden email]> wrote:

>
> Dear Phillip,
>
> On Sun, Jul 28, 2019 at 5:18 AM Phillip Lougher
> <[hidden email]> wrote:
> > I notice you have produced a new package squashfs-tools-ng_0.4.2.
>  I have packaged it and uploaded for review of our FTP Master team.
> They are going to check if all files have a license that's acceptable
> as free software according to our guidelines.
>
> > I have not been able to find any download of that package available.
>  No one can download the package until the mentioned check is over.
>
> > Can you confirm that this package does not repeat the libel contained
> > in the upstream package?
>  David removed that text from his Git tree. As this is the latest
> release and before that removal, it's still contains the sentences
> that you thought to be inactive and the squashfs-tools development
> seemed to be stalled.
>
> > Additionally this page
> >
> > https://ftp-master.debian.org/new/squashfs-tools-ng_0.4.2-1.html
> >
> > In the "Description" contains two paragraphs lifted from my
> > Squashfs-tools repository without attribution which I consider a
> > copyright violation.
> >
> > "Squashfs is a highly compressed read-only filesystem for Linux. It uses zlib
> >  compression to compress both files, inodes and directories. Inodes in the
> >  system are very small and all blocks are packed to minimise data overhead.
> >  Block sizes greater than 4K are supported up to a maximum of 64K.
> >  .
> >  Squashfs is intended for general read-only filesystem use, for archival use
> >  (i.e. in cases where a .tar.gz file may be used), and in constrained block
> >  device/memory systems (e.g. embedded systems) where low overhead is needed."
>  If you ask about if I credited you for this paragraph in
> debian/copyright then forgive me but not yet. I can ask the FTP
> Masters to reject the current package and I'm going to re-upload with
> that added.
> @David may even write a new description for his squashfs-tools-ng project.
>
> > Dr Phillip Lougher
> > Squashfs author and maintainer
>  With all the respect, I don't know you are such upset and against
> this new tool. If I look around, it seemed you are a dormant
> developer.
> You didn't update your homepage[1], even today it still states
> "Squashfs 4.2 released (28th February 2011)" and "Squashfs 4.2 This is
> the latest release, for users of 2.6.29 and later kernels". No mention
> of the real latest release, 4.3 [2].
> I don't see any announcement either where you present the new
> development on GitHub. Quickly checking the commit logs, it reveals
> that you only fixed security vulnerabilities 13 days ago[3] when these
> were publicly reported four years ago (on July 20th, 2015)[4].
> Then David announced _twice_ squashfs-tools-ng on _your_ mailing
> list[5][6] without any comment from you. Now all of a sudden you are
> against him because he (me and lot of people included) thought you are
> inactive[7].

That is also offensive and I also consider it a libel.

Do not dig your hold any deeper, or else I will take legal advice with
an intention to sue.

Phillip

> Just for the record, did you contact Gentoo as well? They already
> distribute squashfs-tools-ng[8] with the text you label as
> "defamatory".
>
> @FTP Masters: please reject the package if it's really a copyright
> infringement using a text description from an other package without
> crediting that in our copyright file.
>
> Kind regards,
> Laszlo/GCS
> [1] http://squashfs.sourceforge.net/
> [2] https://sourceforge.net/projects/squashfs/files/squashfs/squashfs4.3/
> [3] https://github.com/plougher/squashfs-tools/commit/f95864afe8833fe3ad782d714b41378e860977b1
> [4] https://lwn.net/Vulnerabilities/651775/
> [5] https://sourceforge.net/p/squashfs/mailman/message/36689846/
> [6] https://sourceforge.net/p/squashfs/mailman/message/36709722/
> [7] https://github.com/AgentD/squashfs-tools-ng/issues/10
> [8] https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ae739228d96e5857b88c0658d22456da1724ea0

Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Bug#931965: New Debian package squashfs-tools-ng_0.4.2

Sam Hartman-3
It looks like the maintainer has uploaded a new version presumably with
the readme corrected which is also available in new. In particular,
there appears to be a version based on 0.5, which I believe has the
upstream readme change included.  I cannot see for sure until the
package is approved by ftpmaster.

--Sam