[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Urgently need GPL compatible libsnmp5-dev replacement :-(

* Stephen Quinney (stephen@jadevine.org.uk) [050509 17:20]:
> On Mon, May 09, 2005 at 04:45:44PM +0200, Martin Schulze wrote:
> > Christian Hammers wrote:
> > > I could package the whole libsnmp source code into the Quagga file, and
> > > simply compile it with --without-openssl and then link it statically 
> > > or something similar brute force and ugly.
> > 
> > FWIW: Please don't.  This would mean creating a security-support nightmare.
> I know of at least one package that already does this. The
> gibraltar-bootsupport package includes the source for coreutils, curl,
> discover and expat. I have no idea how the security team are meant to
> be aware of this if/when a security hole is discovered in any of those
> 4 packages. IMO this sort of packaging should not be allowed in stable
> releases.

Agreed. We should IMHO make such a requirement to be part of etchs
release policy.

   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C

Reply to: