
Bug#907051: Say much more about vendoring of libraries



Package: debian-policy
Version: 4.2.0.1

Hello,

On Thu 23 Aug 2018 at 12:27PM +0200, Alec Leamas wrote:

> https://fedoraproject.org/wiki/Packaging:Guidelines#Bundling_and_Duplication_of_system_libraries

Thank you for sharing this link -- it seems like Fedora have thought
harder about this than we have, at least at the level of the whole
project.

We can't jump straight to something as involved as that, but threads
like this on -devel suggest to me that Policy's discussion of vendoring
needs to be expanded.

In particular, Policy should explain /why/ bundling is best avoided, and
the consensus that it sometimes has to happen should be noted, along
with mention of registering bundled copies with the security team where
appropriate.

-- 
Sean Whitton
