Bug#392362: [PROPOSAL] Add should not embed code from other packages

[Russ Allbery <rra@debian.org>]

Okay, here's yet another try at the wording for this that tries to exclude
Autotools and friends without making the wording too awkward.
Word-smithing welcome (as are any other comments).

--- orig/policy.sgml
+++ mod/policy.sgml
@@ -2077,6 +2077,32 @@
 	  the file to the list in <file>debian/files</file>.</p>
       </sect>
 
+      <sect id="embeddedfiles">
+	<heading>Convenience copies of code</heading>
+
+	<p>
+	  Some software packages include in their distribution convenience
+	  copies of code from other software packages, generally so that
+	  users compiling from source don't have to download multiple
+	  packages.  Debian packages should not make use of these
+	  convenience copies unless they are used only during the package
+	  build and are not included or linked into generated binary
+	  packages.  If the included code is already in the Debian archive
+	  in the form of a library, the Debian packaging should ensure
+	  that binary packages reference the libraries already in Debian
+	  and the convenience copy is not used.  If the included code is
+	  not already in Debian, it should be packaged separately as a
+	  prerequisite if possible.
+	  <footnote>
+	    Having multiple copies of the same code in Debian is
+	    inefficient, often creates either static linking or shared
+	    library conflicts, and, most importantly, increases the
+	    difficulty of handling security vulnerabilities in the
+	    duplicated code.
+	  </footnote>
+	</p>
+      </sect>
+
     </chapt>
 
-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>