[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Testing Security team

Hi Francesco,
* Francesco P. Lovergine <frankie@debian.org> [2007-10-15 16:05]:
> On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote:
> > 
> > Yes true but in most cases the code base is nearly the same 
> > and we can check this without knowing ;)
> > 
> > > I wonder if in those special cases an Embed: <source> tag could be added in
> > > debian/control to help tracking things.
> > 
> > That would be a nice thing, also if this would include 
> > information if the code is really included or just 
> > statically linked against it.
> Well, I would consider statically linking a non embedded (i.e. a packaged) 
> library a bug... Are there known cases where this is a required condition?

Yes, dpkg for example links statically against libbz2 and zlib just to 
pick a famous example.
Kind regards

Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.

Attachment: pgpWLuIUTafwx.pgp
Description: PGP signature

Reply to: