Bug#392362: [PROPOSAL] Add should not embed code from other packages

To: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>, 392362@bugs.debian.org
Cc: Neil McGovern <neilm@debian.org>
Subject: Bug#392362: [PROPOSAL] Add should not embed code from other packages
From: Luk Claes <luk@debian.org>
Date: Tue, 26 Jun 2007 19:05:36 +0200
Message-id: <[🔎] 46814760.3080609@debian.org>
Reply-to: Luk Claes <luk@debian.org>, 392362@bugs.debian.org
In-reply-to: <[🔎] 20070626145431.GY3320@yellowpig>
References: <[🔎] 200706181559.22004.sf@debian.org> <[🔎] 20070618172743.GB3687@yellowpig> <[🔎] 20070625130221.GD23964@mx0.halon.org.uk> <[🔎] 20070625153353.GQ3320@yellowpig> <[🔎] 20070626125958.GM23964@mx0.halon.org.uk> <[🔎] 20070626145431.GY3320@yellowpig>

Bill Allombert wrote:
> On Tue, Jun 26, 2007 at 01:59:58PM +0100, Neil McGovern wrote:
>> On Mon, Jun 25, 2007 at 05:33:53PM +0200, Bill Allombert wrote:

> Two comments:
> 
> 1) "this library is already packaged in Debian":
> If it is not packaged, it should be packaged instead of using the
> convenience copy. Otherwise three problems can appear:
> 1.1) if the library is packaged separately afterward.
> 1.2) if two packages include independently a convenience copy of the 
> same library.
> 1.3) the security team might miss security issues in a library if
> it is not packaged but only used through a convenience copy.
> 
> The keyword is "convenience" here: it does not apply to copy
> shipped as part of a larger tarball as the main distribution medium.

A convenience copy is AFAIK always part of the upstream tarball. The main
reason for not using convenience copies is security related IMHO and not
package size or having (a possibly other version of) the same library
(package) available at some point.

Cheers

Luk

Reply to:

References:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Stefan Fritsch <sf@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Neil McGovern <neilm@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Neil McGovern <neilm@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>

Prev by Date: Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Next by Date: Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Previous by thread: Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Next by thread: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Index(es):
- Date
- Thread