[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: local copies of libs

On Thu, Oct 05, 2006 at 03:40:03PM +0200, Hendrik Sattler wrote:
> Hi,
> since I often see that packages keep local copies of libs and use those, I 
> kind of want to object to arguments for such build behaviour.
> The latest one I found is xmms-wma: it uses a local stripped-down copy of 
> ffmpeg's libavcodec and libavformat.
> The given reasons are pretty much always the same. Here:
> * linking this way uses less memory
> - Well certainly if you only look at your own package. In combination with a 
> program that links against libavcodec (4.5MB, probably the main reason for 
> this argument), the combination consumes more memory.
> Maybe such libs as libavcodec would benefit from a local split (one master lib 
> with smaller codec libs and a lib with common routines) or a plugin 
> mechanism. This would stop this non-sense of using local copies.
> For some, the reason is acceptable, for some it isn't? So what makes it 
> candidate for a bug report with a severity greater than wishlist?
> What is the main opinion among Debian maintainers?
> HS

The biggest issue, I think, is security.  If a vulnerability is
discovered in ffmpeg, then the seucrity team knows that they have to
update ffmpeg.  However, if five other packages are vulnerable and the
security does now know about them, we have a bad situation.



Roberto C. Sanchez

Attachment: signature.asc
Description: Digital signature

Reply to: