Re: supertuxkart 0.7.3

To: debian-devel-games@lists.debian.org
Subject: Re: supertuxkart 0.7.3
From: Vincent Cheng <vincentc1208@gmail.com>
Date: Mon, 10 Dec 2012 02:08:13 -0800
Message-id: <[🔎] CACZd_tCmgi8L-yig7MT=Uq6Vwa1c2RJ5Xe98Ywpbo416T-3zsQ@mail.gmail.com>
In-reply-to: <[🔎] 50C5ABF5.1070002@debian.org>
References: <[🔎] 201212090859.54464.heiko.ernst@aschershain.de> <[🔎] CACZd_tC2BngYsnpSVCjB5eP-GCtBDQ2_S4PTPASo6PGA+JaMJg@mail.gmail.com> <[🔎] 201212091110.36795.heiko.ernst@aschershain.de> <[🔎] CACZd_tAEXiD8d2RmSUG3b9Az7Y8utjsh_+Ln-n715YJtsRx5NQ@mail.gmail.com> <[🔎] 850e8baf-453b-42f9-b2fe-84625e845dbb@email.android.com> <[🔎] CACZd_tBKmosdNCYm+1atov9agz+Y6C3XRt2Wgu2YG2-wr+rwtg@mail.gmail.com> <[🔎] 50C51D90.6050001@debian.org> <[🔎] CACZd_tBsUQAU+mAGLh-8Xtxb761=8zrk6MFLUP2Yxc9d1cTMuw@mail.gmail.com> <[🔎] 50C5ABF5.1070002@debian.org>

On Mon, Dec 10, 2012 at 1:31 AM, Bas Wijnen <wijnen@debian.org> wrote:
> On 10-12-12 01:02, Vincent Cheng wrote:
>> On Sun, Dec 9, 2012 at 3:24 PM, Tobias Hansen <thansen@debian.org> wrote:
>>> Am 10.12.2012 00:04, schrieb Vincent Cheng:
>>>> On Sun, Dec 9, 2012 at 8:15 AM, Tobias Hansen <thansen@debian.org> wrote:
>>>>> If it's a bug in irrlicht, you can find the patch in the irrlicht svn. If
>>>>
>>>> Uhmm, thanks? Especially after tagging #677609 and #679837 with
>>>> 'help', I was hoping for something a bit more detailed/specific...
>>>>
>>>> [2] https://sourceforge.net/apps/trac/supertuxkart/ticket/689
>>>
>>> I have not looked into it. My point was that modifying a library to
>>> match the needs of one of its reverse dependencies is a bad idea. After
>>> looking at your [2], it looks like that is what this is about.
>>
>> No, I haven't modified irrlicht to meet the needs of supertuxkart.
>> It's an option that I have considered though; either that, or just use
>> supertuxkart's embedded copy of irrlicht starting with the next
>> upstream release. I'm leaning towards the latter because it's the
>> least painful option.
>
> I hope this is not true, because it is a very painful option. This is
> the reason it is also forbidden by Policy (4.13). Footnote 30 is quite
> clear:
>
>> Having multiple copies of the same code in Debian is inefficient,
>> often creates either static linking or shared library conflicts, and,
>> most importantly, increases the difficulty of handling security
>> vulnerabilities in the duplicated code.
>

Well, I'm not thrilled at the prospect of using an embedded copy of
irrlicht in stk either. However, Policy 4.13 doesn't explicitly forbid
doing so (should != must), and hence why the security team has a list
of embedded code copies [1]. Upstream has indicated that at some point
in the future, their modifications to their embedded copy of irrlicht
is going to be extensive enough to break the API. If you've got any
other options I haven't considered yet, I'm all ears. :)

Regards,
Vincent

[1] http://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=markup

Reply to:

Follow-Ups:
- Re: supertuxkart 0.7.3
  - From: Paul Wise <pabs@debian.org>
- Re: supertuxkart 0.7.3
  - From: Markus Koschany <apo@gambaru.de>

References:
- supertuxkart 0.7.3
  - From: heiko <heiko.ernst@aschershain.de>
- Re: supertuxkart 0.7.3
  - From: Vincent Cheng <vincentc1208@gmail.com>
- Re: supertuxkart 0.7.3
  - From: heiko <heiko.ernst@aschershain.de>
- Re: supertuxkart 0.7.3
  - From: Vincent Cheng <vincentc1208@gmail.com>
- Re: supertuxkart 0.7.3
  - From: Tobias Hansen <thansen@debian.org>
- Re: supertuxkart 0.7.3
  - From: Vincent Cheng <vincentc1208@gmail.com>
- Re: supertuxkart 0.7.3
  - From: Tobias Hansen <thansen@debian.org>
- Re: supertuxkart 0.7.3
  - From: Vincent Cheng <vincentc1208@gmail.com>
- Re: supertuxkart 0.7.3
  - From: Bas Wijnen <wijnen@debian.org>

Prev by Date: Re: supertuxkart 0.7.3
Next by Date: Re: supertuxkart 0.7.3
Previous by thread: Re: supertuxkart 0.7.3
Next by thread: Re: supertuxkart 0.7.3
Index(es):
- Date
- Thread