Bug#392362: [PROPOSAL] Add should not embed code from other packages

To: 392362@bugs.debian.org
Subject: Bug#392362: [PROPOSAL] Add should not embed code from other packages
From: Ian Jackson <ian@davenant.greenend.org.uk>
Date: Tue, 18 Dec 2007 20:11:49 +0000
Message-id: <[🔎] 18280.10629.798199.984479@davenant.relativity.greenend.org.uk>
Reply-to: Ian Jackson <ian@davenant.greenend.org.uk>, 392362@bugs.debian.org
In-reply-to: <[🔎] 20071205175550.GB13328@riva.ucam.org>
References: <877ipqk9rg.fsf@windlord.stanford.edu> <20070626223046.GO23964@mx0.halon.org.uk> <873b04simw.fsf@windlord.stanford.edu> <20070704090125.GA26366@dario.dodds.net> <87lkdwotx9.fsf@windlord.stanford.edu> <20070716215718.GA29591@roeckx.be> <87zm15dtt7.fsf@windlord.stanford.edu> <871wa872bw.fsf@windlord.stanford.edu> <[🔎] 20071205170848.GA9601@riva.ucam.org> <[🔎] 20071205172617.GP13566@yellowpig> <[🔎] 20071205175550.GB13328@riva.ucam.org>

Colin Watson writes ("Bug#392362: [PROPOSAL] Add should not embed code from other packages"):
> Gnulib in fact provides a number of other useful utility functions as
> well as simply replacement functions (e.g. xmalloc, xasprintf,
> compile_csharp_using_pnet, execute_java_class) so this assumption may
> well not be correct.

When we find a /tmp handling vulnerability in gnulib, will we not have
a serious problem ?

Ian.

Reply to:

Follow-Ups:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Russ Allbery <rra@debian.org>

References:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Colin Watson <cjwatson@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Re: [Policy-rewrite]: Determining distinct policy rules
Next by Date: Re: Breaks in lenny (was Re: Task list for a policy release)
Previous by thread: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Next by thread: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Index(es):
- Date
- Thread