Re: Urgently need GPL compatible libsnmp5-dev replacement :-(

On Mon, May 09, 2005 at 04:45:44PM +0200, Martin Schulze wrote:
> Christian Hammers wrote:
> > I could package the whole libsnmp source code into the Quagga file, and
> > simply compile it with --without-openssl and then link it statically 
> > or something similar brute force and ugly.
> FWIW: Please don't.  This would mean creating a security-support nightmare.

I know of at least one package that already does this. The
gibraltar-bootsupport package includes the source for coreutils, curl,
discover and expat. I have no idea how the security team are meant to
be aware of this if/when a security hole is discovered in any of those
4 packages. IMO this sort of packaging should not be allowed in stable
releases. Supposedly this is an improvement on the previous approach
it used of downloading all the source files using apt-get as part of
the build process...

Stephen Quinney
