
Re: Bits from the Security Team



On Tue, Oct 30, 2007 at 09:04:12PM +0100, Moritz Muehlenhoff wrote:
> Embedded code copies
> ====================
> 
> Developers are encouraged to communicate amongst their colleague
> developers for cases where their packages have code in common with
> other packages. For example a package which contains an embedded
> library which is also packaged should be encouraged to use the shared
> library, as this means a potential security update only requires a
> single update.
> 
> A prominently horrible example is the xpdf code base which is embedded
> in ten different source packages in Debian Sarge. (For Debian Etch
> this could already be reduced significantly thanks to the xpdf library
> fork named poppler and for Lenny we'll reduce it even more)
> 
> You need to tell us about such cases, we can't review all of Debian's
> 18k packages on our own.
> 

Wouldn't it be the case to add a suitable control field, as proposed
in a previous thread for that case?

-- 
Francesco P. Lovergine


