[4164] in SIPB bug reports
Re: modified xmosaic
daemon@ATHENA.MIT.EDU (Calvin Clark)
Tue Oct 12 18:17:44 1993
Date: Tue, 12 Oct 93 18:16:51 -0400
From: Calvin Clark <ckclark@mit.edu>
To: yandros@mit.edu
Cc: ckclark@mit.edu, bug-sipb@mit.edu, bug-outland@mit.edu, biff@mit.edu,
lacsap@media.mit.edu, jsheena@mit.edu, sipb-ec@mit.edu
In-Reply-To: Your message of Tue, 12 Oct 93 15:32:53 -0400.
<9310121932.AA27349@ninja.MIT.EDU>
> /mit/sipb/decipsbin now has xmosaic, xmosaic-media, and xmosaic-orig.
> Xmosaic-orig is what it sounds like. The xmosaic-media script uses
> the media resources and binary. `xmosaic' is currently a shell script
> that points to xmosaic-media, so it can be backed out quickly.
>
> Also, as a fallback, the modified version will be installed as
> `xmosaic' in outland.
>
> Does this make everyone happy?
> chad
I have invoked the ``fallback.''
I'm still not happy. Not one bit. This is why:
It is customary to have all of the programs installed in sipb locker
to be in sipbsrc. There are two main reasons for this:
- Clarity. The natural place for users who are interested in
looking at the sources for installed programs is in
the src directory in the locker where the programs are. It
confuses both users and maintainers when the installed
programs don't correspond to the sources they look like
they should go with.
- Maintenance. The members of gsipbbin should be able to
do both incidental and emergency maintenance on programs
in the sipb locker. Having the source elsewhere obfuscates
things and makes both types of maintenance difficult
and sometimes impossible (e.g., if you don't have write
access to the source, or if the sources are unavailable
because they are on a server that goes down---a server
that we can't get to and may not be backed up on tape.)
About that last point: I was wondering who had write access to the
sources in the fishwrap cell. It seems that everyone does:
; fs la /afs/fishwrap.mit.edu/export/xmosaic-media
Access list for /afs/fishwrap.mit.edu/export/xmosaic-media is
Normal rights:
jsheena@athena.mit.edu rlidw
system:fishwrap rlidwka
system:administrators rlidwka
system:anyuser rlidwka
Can you say ``Trojan Horse?'' I knew you could. I have twiddled the
symlink for xmosaic back to xmosaic-orig and released the sipb volume
because this is a security risk I'm not willing to take as a user of
xmosaic, and I, as a maintainer of programs in the sipb
locker---including the version of xmosaic currently there---cannot
place on the (possibly) hundreds of Athena users who use xmosaic daily.
At least one other SIPB member has expressed concern about the wisdom of
the actual changes made to the fishwrap sources. I feel, under the
circumstances, that is is reasonable to demand an audit of these
changes. I don't think we should proceed any further with the fishwrap
changes until this audit is performed and the changes are made in
sipbsrc the way they should be. This can be discussed at the next SIPB
meeting, or if there is sufficient interest, it can be discussed by a
special meeting of people interested sometime sooner than Monday.
I am very sorry that it has to come to this, but I have no choice but to
urge the SIPB EC and maintainers of the sipb locker to consider my
demand seriously. I am not happy with the way this came about, as it
seems to me to have involved the harassment and pressuring of a few
individual sipb members.
