Serveral Debian Developers envolved in security have been bitching me today on IRC about my one-month-old blog entry about PHP and PHPBB2.

Apparently, woody was not affected because it doesn’t contain PHPBB2 and the PHP security problems did not apply. So sorry about my rant, I was wrong. No idea then, how these reporting infection to me were exactly infected.

But it shows one thing: you can barely use a plain woody system. You will very often need other software. And if it is just one user wanting PHPBB, if you don’t provide it, he will install it himself and introduce a hole.

Still I’m really pissed off about not making any visible progress towards a release. Bug counts, who cares. They go up and down. The BSP in Munich where I fixed like 10 RC bugs was a waste of time.

As much as I like Debian, I’m really annoyed by now. Something must change. It appears pointless to do anything if the “goal” is being pushed back to and indefinite time again and again.