Re: Urgently need GPL compatible libsnmp5-dev replacement :-(
* Stephen Quinney (stephen@jadevine.org.uk) [050509 17:20]:
> On Mon, May 09, 2005 at 04:45:44PM +0200, Martin Schulze wrote:
> > Christian Hammers wrote:
> > > I could package the whole libsnmp source code into the Quagga file, and
> > > simply compile it with --without-openssl and then link it statically
> > > or something similar brute force and ugly.
> >
> > FWIW: Please don't. This would mean creating a security-support nightmare.
> I know of at least one package that already does this. The
> gibraltar-bootsupport package includes the source for coreutils, curl,
> discover and expat. I have no idea how the security team are meant to
> be aware of this if/when a security hole is discovered in any of those
> 4 packages. IMO this sort of packaging should not be allowed in stable
> releases.
Agreed. We should IMHO make such a requirement to be part of etchs
release policy.
Cheers,
Andi
--
http://home.arcor.de/andreas-barth/
PGP 1024/89FB5CE5 DC F1 85 6D A6 45 9C 0F 3B BE F1 D0 C5 D1 D9 0C
Reply to: