
Re: Bits from the Testing Security team



On Mon, Oct 15, 2007 at 11:06:32AM +0200, Francesco P. Lovergine wrote:
> On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
> > 
> > Embedded code copies
> > --------------------
> > 
> > There are a number of packages including source code from external
> > libraries, for example poppler is included in xpdf, kpdf and others.  To
> > ensure that we don't miss any vulnerabilities in packages that do so we
> > maintain a list[6] of embedded code copies in Debian. It is preferable
> > that you do not embed copies of code in your packages, but instead link
> > against packages that already exist in the archive. Please contact us
> > about any missing items you know about.
> 
> Unfortunately this is not always viable, because in some cases embedded
> libraries are de facto forks of the original ones, or the program
> depends on a specific version (and API) of the library.

Or in rare cases, the shared libraries are forks of embedded code, e.g.
the case of Xpdf which has been forked to make libpoppler.


Hamish
-- 
Hamish Moffatt VK3SB <hamish@debian.org> <hamish@cloud.net.au>


