Re: Bits from the Security Team
On Tue, Oct 30, 2007 at 09:04:12PM +0100, Moritz Muehlenhoff wrote:
> Embedded code copies
> ====================
>
> Developers are encouraged to communicate amongst their colleague
> developers for cases where their packages have code in common with
> other packages. For example a package which contains an embedded
> library which is also packaged should be encouraged to use the shared
> library, as this means a potential security update only requires a
> single update.
>
> A prominently horrible example is the xpdf code base which is embedded
> in ten different source packages in Debian Sarge. (For Debian Etch
> this could already be reduced significantly thanks to the xpdf library
> fork named poppler and for Lenny we'll reduce it even more)
>
> You need to tell us about such cases, we can't review all of Debian's
> 18k packages on our own.
>
Wouldn't be the case to add a suitable control field, as proposed
in a previous thread for that case?
--
Francesco P. Lovergine
Reply to: