Re: Bits from the Security Team

On Tue, Oct 30, 2007 at 09:04:12PM +0100, Moritz Muehlenhoff wrote:
> Embedded code copies
> ====================
> Developers are encouraged to communicate amongst their colleague
> developers for cases where their packages have code in common with
> other packages. For example a package which contains an embedded
> library which is also packaged should be encouraged to use the shared
> library, as this means a potential security update only requires a
> single update.
> A prominently horrible example is the xpdf code base which is embedded
> in ten different source packages in Debian Sarge. (For Debian Etch
> this could already be reduced significantly thanks to the xpdf library
> fork named poppler and for Lenny we'll reduce it even more)
> You need to tell us about such cases, we can't review all of Debian's
> 18k packages on our own.

Wouldn't it be the case to add a suitable control field, as proposed
in a previous thread for that case?

Francesco P. Lovergine

