
Re: Urgently need GPL compatible libsnmp5-dev replacement :-(



* Stephen Quinney (stephen@jadevine.org.uk) [050509 17:20]:
> On Mon, May 09, 2005 at 04:45:44PM +0200, Martin Schulze wrote:
> > Christian Hammers wrote:
> > > I could package the whole libsnmp source code into the Quagga file, and
> > > simply compile it with --without-openssl and then link it statically 
> > > or something similar brute force and ugly.
> > 
> > FWIW: Please don't.  This would mean creating a security-support nightmare.
 
> I know of at least one package that already does this. The
> gibraltar-bootsupport package includes the source for coreutils, curl,
> discover and expat. I have no idea how the security team are meant to
> be aware of this if/when a security hole is discovered in any of those
> 4 packages. IMO this sort of packaging should not be allowed in stable
> releases.

Agreed. We should IMHO make such a requirement to be part of etch's
release policy.


Cheers,
Andi
-- 
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C


