Your message dated Thu, 18 Oct 2007 18:35:06 +0200 with message-id <20071018163506.GD12088@ngolde.de> and subject line Bug#447058: control tags for embedded source files and static built-ins has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Debian bug tracking system administrator (administrator, Debian Bugs database)
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: control tags for embedded source files and static built-ins
- From: Nico Golde <nion@debian.org>
- Date: Wed, 17 Oct 2007 21:27:44 +0200
- Message-id: <20071017192744.GA27106@ngolde.de>
Package: debian-policy
Version: 3.7.2.2
Severity: wishlist

Hi,
would it be possible to add two tags like for example:

Embedded-Sources: <source-pkg>, ...
Static-Build-Depends: <dev-pkg>, ...

to the control file to be able to track security issues in packages embedding source code from other software or link statically against libs?

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
--- Begin Message ---
- To: 447058-done@bugs.debian.org
- Subject: Re: Bug#447058: control tags for embedded source files and static built-ins
- From: Nico Golde <nion@debian.org>
- Date: Thu, 18 Oct 2007 18:35:06 +0200
- Message-id: <20071018163506.GD12088@ngolde.de>
- In-reply-to: <871wbtzdfg.fsf@anzu.internal.golden-gryphon.com>
- References: <20071017192744.GA27106@ngolde.de> <871wbtzdfg.fsf@anzu.internal.golden-gryphon.com>
Hi,
* Manoj Srivastava <srivasta@acm.org> [2007-10-17 23:45]:
> Hi,
> On Wed, 17 Oct 2007 21:27:44 +0200, Nico Golde <nion@debian.org> said:
>
> > Hi, would it be possible to add two tags like for example:
> > Embedded-Sources: <source-pkg>, ... Static-Build-Depends: <dev-pkg>,
> > ... to the control file to be able to track security issues in
> > packages embedding source code from other software or link statically
> > against libs? Kind regards Nico
>
> The technical policy is not exhaustive, and the modus operandi
> is that unless it is proscribed by policy, it is allowed. You can start
> using Embedded-Sources et al., put it in the developers reference, and
> work out what tags make sense, whether there need to be more tags, what
> the semantics of the tags are, and when we have a stable design and
> penetration, you can then ask the existing practice to be documented
> in and writ in stone in the technical policy.

Ok, thanks very much for the explanation, added this to my TODO list and I think closing this bug makes sense then.

Kind regards
Nico
--
Nico Golde - http://ngolde.de - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
--- End Message ---
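
Added example, not part of the original thread or of any Debian tooling: a sketch of how a security tracker could use the two proposed fields to find every source package that embeds or statically links a given package. The field names come from the proposal above; their semantics are left open in the thread, so the comma-separated syntax with optional version constraints, the placement in `Source:` stanzas, and all package names in the sample are assumptions.

```python
# Constructed sample stanzas; all package names here are made up.
SAMPLE_CONTROL = """\
Source: fooviewer
Build-Depends: debhelper (>= 5)
Embedded-Sources: zlib, libpng
Static-Build-Depends: libexpat1-dev

Source: bartool
Embedded-Sources: zlib (>= 1.2),
 sqlite3

Source: bazd
Build-Depends: libssl-dev
"""

# Field names from the proposal; their semantics are assumed in this sketch.
TRACKED = ("Embedded-Sources", "Static-Build-Depends")

def parse_stanzas(text):
    """Split control-file text into dicts, joining continuation lines."""
    stanzas, current, last = [], {}, None
    for line in text.splitlines():
        if not line.strip():                 # blank line ends a stanza
            if current:
                stanzas.append(current)
            current, last = {}, None
        elif line[0] in " \t" and last:      # continuation of previous field
            current[last] += " " + line.strip()
        elif ":" in line:
            name, value = line.split(":", 1)
            last = name.strip()
            current[last] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def affected_by(text, package):
    """Source packages whose tracked fields name `package`."""
    hits = set()
    for stanza in parse_stanzas(text):
        for field in TRACKED:
            for item in stanza.get(field, "").split(","):
                name = item.split("(")[0].strip()   # drop version constraint
                if name == package:
                    hits.add(stanza.get("Source", "?"))
    return sorted(hits)

if __name__ == "__main__":
    print(affected_by(SAMPLE_CONTROL, "zlib"))
```

An ordinary `Build-Depends` entry is deliberately not matched, since a dynamically linked dependency is fixed by updating the library alone, while the tracked cases need a rebuild or a patched copy.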