Quoting Sebastian Ramacher (2020-04-21 09:23:57) > Control: tags -1 + wontfix > > But anyway, is libjsonparser's upstream still active? No release > > since 2014 doesn't suggest that they are. If that is not the case > > and we end up with libjsonparser being maintained in Debian, this > > means that changing vlc to libjsonparser is not upstreamable. Due to > > the size and security history of vlc, I'd like to avoid that. A security bug in libjsonparser should be fixed for all consumers of that library, not only for VLC. If upstream project is dead, and VLC discovers and fixes a bug in the library, then that bugfix should be forwarded to the Debian package so that other consumers benefit from it as well. Only if VLC changes the API of libjsonparser, effectively forking it (and that fork is not packaged separately in Debian!) does it make sense to keep using an embedded code copy. - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private
Attachment:
signature.asc
Description: signature