Package: debian-policy Version: 4.2.0.1 Hello, On Thu 23 Aug 2018 at 12:27PM +0200, Alec Leamas wrote: > https://fedoraproject.org/wiki/Packaging:Guidelines#Bundling_and_Duplication_of_system_libraries Thank you for sharing this link -- it seems like Fedora have thought harder about this than we have, at least at the level of the whole project. We can't jump straight to something as involved in that, but threads like this on -devel suggest to me that Policy's discussing of vendoring needs to be expanded. In particular, Policy should explain /why/ bundling is best avoided, and the consensus that it sometimes has to happen should be noted, along with mention of registering bundled copies with the security team where appropriate. -- Sean Whitton
Attachment:
signature.asc
Description: PGP signature