Re: [DBD-SQLite] Using System SQLite Instead of Bundled Version
On Fri, 22 May 2009, Darren Duncan wrote:
> The core SQLite team via sqlite.org is very responsive to bug
> reports and does fix them in a reasonable timeframe, so the best
> thing that Debian can do is to work with them to fix bugs and to
> only release versions of SQLite that match core versions.
This is Debian's goal for all packages. However, even with the best
possible communication with a responsive upstream, Debian often ends
up distributing versions which include patches that fix bugs which are
fixed in as-of-yet unreleased versions of upstream code or,
alternatively, including security fixes that are present in an
upstream release, but need to be backported to the (possibly outdated)
version Debian is distributing in stable.
To avoid this extra effort (or worse, to be unaware of the need for
it) convenience copies of libraries should not be used in Debian (to
the extent possible), hopefully through the use of
upstream-supported compilation options. [The option to use a system
library can of course be disabled by default.]
1: For those not familiar; our stable release remains static over its
lifetime, with the primary exception of changes to fix security issues
(and fairly rarely, major bugs which weren't caught before the
2: In the cases where it's not possible, the Debian Security Team
needs to be made aware of this fact, and the maintainers of packages
with convenince copies need to track bugs in the package(s) of which
they use convenience copies.
But if, after all, we are on the wrong track, what then? Only
dissapointed human hopes, nothing more. And even if we perish, what
will it matter in the endless cycles of eternity?
-- Fridtjof Nansen _Farthest North_ p152