Bug#392362: [PROPOSAL] Add should not embed code from other packages

To: 392362@bugs.debian.org
Subject: Bug#392362: [PROPOSAL] Add should not embed code from other packages
From: Russ Allbery <rra@debian.org>
Date: Wed, 04 Jul 2007 12:22:42 -0700
Message-id: <[🔎] 87lkdwotx9.fsf@windlord.stanford.edu>
Reply-to: Russ Allbery <rra@debian.org>, 392362@bugs.debian.org
In-reply-to: <[🔎] 20070704090125.GA26366@dario.dodds.net> (Steve Langasek's message of "Wed, 4 Jul 2007 02:01:26 -0700")
References: <200706181559.22004.sf@debian.org> <20070618172743.GB3687@yellowpig> <20070625130221.GD23964@mx0.halon.org.uk> <20070625153353.GQ3320@yellowpig> <20070626125958.GM23964@mx0.halon.org.uk> <877ipqk9rg.fsf@windlord.stanford.edu> <20070626223046.GO23964@mx0.halon.org.uk> <[🔎] 873b04simw.fsf@windlord.stanford.edu> <[🔎] 20070704090125.GA26366@dario.dodds.net>

Steve Langasek <vorlon@debian.org> writes:

> Perhaps "common code" or "duplicated code" instead of "shared code", to
> avoid ambiguity wrt shared libraries?

How about "duplicated code"?  New patch:

--- orig/policy.sgml
+++ mod/policy.sgml
@@ -2077,6 +2077,30 @@
 	  the file to the list in <file>debian/files</file>.</p>
       </sect>
 
+      <sect id="embeddedfiles">
+	<heading>Convenience copies of libraries</heading>
+
+	<p>
+	  Some software packages include in their distribution convenience
+	  copies of libraries from other software packages, generally so
+	  that users compiling from source don't have to download multiple
+	  packages.  Debian packages should not make use of these
+	  convenience copies.  If the included library is already in the
+	  Debian archive, the Debian packaging should ensure that binary
+	  packages reference the libraries already in Debian and the
+	  convenience copy is not used.	 If the included library is not
+	  already in Debian, it should be packaged separately as a
+	  prerequisite.
+	  <footnote>
+	    Having multiple copies of the same code in Debian is
+	    inefficient, often creates either static linking or shared
+	    library conflicts, and, most importantly, increases the
+	    difficulty of handling security vulnerabilities in the
+	    duplicated code.
+	  </footnote>
+	</p>
+      </sect>
+
     </chapt>
 
-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Steve Langasek <vorlon@debian.org>
- Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Neil McGovern <neilm@debian.org>
- Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Kurt Roeckx <kurt@roeckx.be>

References:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Russ Allbery <rra@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Steve Langasek <vorlon@debian.org>

Prev by Date: Bug#206684: debian-policy: Proposal for going ahead with mandatory debconf use for prompting
Next by Date: Bug#420701: GFDL is now in common-licenses
Previous by thread: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Next by thread: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Index(es):
- Date
- Thread