Re: Q: Debian position on bundled libraries
On Thu, Aug 23, 2018 at 12:59 PM, Alec Leamas wrote:
> Here are some libraries to unbundle; this could certainly be done.
> However, the core issue is a few libraries which cannot realistically be
> unbundled. One example is mygdal, a heavily patched subset of the gdal
> package.
gdal has had one security issue in the past and I wouldn't be
surprised if it had one in the future, since it is basically a
collection of file format parsers. As such I am not sure using a fork
of it is a good idea. It would be best to work with both upstreams to
resolve the delta.
https://security-tracker.debian.org/tracker/source-package/gdal
> So, before proceeding with this work I'd like to know how to handle a
> situation like this. Under what conditions (if any) is bundling actually OK?
Personally, I don't think it is ever acceptable.
--
bye,
pabs
https://wiki.debian.org/PaulWise