Bug#392362: [PROPOSAL] Add should not embed code from other packages
Steve Langasek <vorlon@debian.org> writes:
> Perhaps "common code" or "duplicated code" instead of "shared code", to
> avoid ambiguity wrt shared libraries?
How about "duplicated code"? New patch:
--- orig/policy.sgml
+++ mod/policy.sgml
@@ -2077,6 +2077,30 @@
the file to the list in <file>debian/files</file>.</p>
</sect>
+ <sect id="embeddedfiles">
+ <heading>Convenience copies of libraries</heading>
+
+ <p>
+ Some software packages include in their distribution convenience
+ copies of libraries from other software packages, generally so
+ that users compiling from source don't have to download multiple
+ packages. Debian packages should not make use of these
+ convenience copies. If the included library is already in the
+ Debian archive, the Debian packaging should ensure that binary
+ packages reference the libraries already in Debian and the
+ convenience copy is not used. If the included library is not
+ already in Debian, it should be packaged separately as a
+ prerequisite.
+ <footnote>
+ Having multiple copies of the same code in Debian is
+ inefficient, often creates either static linking or shared
+ library conflicts, and, most importantly, increases the
+ difficulty of handling security vulnerabilities in the
+ duplicated code.
+ </footnote>
+ </p>
+ </sect>
+
</chapt>
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: