
Re: Bits from the Testing Security team



On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
> 
> Embedded code copies
> --------------------
> 
> There are a number of packages including source code from external
> libraries, for example poppler is included in xpdf, kpdf and others.  To
> ensure that we don't miss any vulnerabilities in packages that do so we
> maintain a list[6] of embedded code copies in Debian. It is preferable
> that you do not embed copies of code in your packages, but instead link
> against packages that already exist in the archive. Please contact us
> about any missing items you know about.
> 

Unfortunately this is not always viable, because in some cases embedded
libraries are de facto forks of the original ones, or the program
depends on a specific version (and API) of the library.
I wonder if in those special cases an Embed: <source> tag could be added in
debian/control to help track things.



-- 
Francesco P. Lovergine


