Bug#447058: control tags for embedded source files and static built-ins
Hi,
On Wed, 17 Oct 2007 21:27:44 +0200, Nico Golde <nion@debian.org> said:
> Hi, would it be possible to add two tags like for example:
> Embedded-Sources: <source-pkg>, ... Static-Build-Depends: <dev-pkg>,
> ... to the control file to be able to track security issues in
> packages embedding source code from other software or link statical
> against libs? Kind regards Nico
The technical policy is not exhaustive, and the modus operandi
is that unless it is proscribed by policy, it is allowed. You can start
using Embedded-Sources et. al., put it in the developers reference, and
work out what tags make sense, whether there need to be more tags, what
the semantics of the tags are, and when we have a stable design and
penetration, you can then ask the existing practice to be documented
in and writ in stone in the technical policy.
manoj
--
My interest is in the future because I am going to spend the rest of my
life there.
Manoj Srivastava <srivasta@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
Reply to: