
Re: Modifications to included libs



On Sat, Apr 12, 2008 at 12:20 AM, Jan Hauke Rahm <info@jhr-online.de> wrote:

>  I'm working on a package that includes some PHP libs (e.g. PEAR
>  packages). Some of those are already packaged for Debian so it'd be
>  better at all if I'd set a dependency on it and don't ship the code
>  again, right?

It is better that absolutely none of the embedded PHP libs are
included/used/shipped in the .deb. If they are not packaged
separately, the security team will not be happy at all.

>  First of all my question is how to do that. Can I just create a symlink
>  to the other package or must I modify the upstream source to look at the
>  right place (without using links)?

I'd suggest reading the draft Debian webapps policy and asking about
this on the Debian webapps list. I imagine your app has a config.php
in which you can set the default PHP include path.

>  And the next question is: what can I do if upstream uses a modified
>  version of that lib? Is there a proper way to ship just the
>  modifications and for the rest use the files of the lib package?

There is no proper way to ship embedded forks. Instead the fork should
be merged upstream or dropped.

Fix your app upstream so that it does not need the modifications, or
get the PHP lib upstream to include the modifications and get that
into Debian.

The most acceptable hacky way to do it would be to create a
libfoo-modified-php package that build-depends on the original version
(libfoo-php), copy and apply a patch at build time, then ship the
patched version in the libfoo-modified-php binary package. Then your
webapp can depend on libfoo-modified-php.

If there is *any* code duplicated in the source/binary package from
other software, the security team must be notified of the situation so
they can fix security issues properly.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
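
One way to find duplicated library code in a source tree before upload, added here as an example and not part of the original message: the script compares a webapp tree against the directory where the packaged library is installed and reports byte-identical copies and same-named files that differ (likely modified forks). All paths and file contents in `demo()` are constructed, and matching forks by file name is a heuristic assumption.

```python
import hashlib
import os
import tempfile

def index_tree(root, suffix=".php"):
    """Map path relative to root -> SHA-256 for each file ending in suffix."""
    index = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(suffix):
                full = os.path.join(dirpath, name)
                with open(full, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                index[os.path.relpath(full, root)] = digest
    return index

def find_embedded(app_root, lib_root):
    """Return (identical, forked) lists of app files relative to app_root."""
    lib = index_tree(lib_root)
    lib_digests = set(lib.values())
    lib_names = {os.path.basename(path) for path in lib}
    identical, forked = [], []
    for rel, digest in sorted(index_tree(app_root).items()):
        if digest in lib_digests:
            # Byte-for-byte copy: drop it and depend on the library package.
            identical.append(rel)
        elif os.path.basename(rel) in lib_names:
            # Same name, different content: possible modified fork (heuristic).
            forked.append(rel)
    return identical, forked

def demo():
    """Run the check on a constructed tree (all paths and contents made up)."""
    files = {
        "usr/share/php/Foo/Base.php": b"<?php class Foo_Base {}\n",
        "usr/share/php/Foo/Util.php": b"<?php function foo_util() {}\n",
        "webapp/lib/Foo/Base.php": b"<?php class Foo_Base {}\n",
        "webapp/lib/Foo/Util.php": b"<?php function foo_util($x) {}\n",
        "webapp/index.php": b"<?php require 'lib/Foo/Base.php';\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in files.items():
            path = os.path.join(tmp, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
        return find_embedded(os.path.join(tmp, "webapp"),
                             os.path.join(tmp, "usr", "share", "php"))
```

Files reported as forked need a manual diff against the packaged version, since unrelated files can share a name.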

