Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Neil McGovern <neilm@debian.org> writes:
> On Tue, Jun 26, 2007 at 08:36:51AM -0700, Russ Allbery wrote:
>> Some software packages include in their distribution convenience
>> copies of libraries from other software packages, generally so that
>> users compiling from source don't have to download multiple
>> packages. Debian packages should not make use of these convenience
>> copies. If the included library is already in the Debian archive,
>> the Debian packaging should ensure that the software is linked with
>> the libraries already in Debian and the convenience copy is not
>> used. If the included library is not already in Debian, it should
>> be packaged separately as a prerequisite.
> I've tried to stay away from compile type language (and to some extent
> 'link') as it's not only C* programs that this effects.
Hm. Good point. I think we can use your wording there:
If the included library is already in the Debian archive, the Debian
packaging should ensure that the software references the library
already in Debian and that the convenience copy is not used.
>> Having multiple copies of the same code in Debian is inefficient,
>> often creates either static linking or shared library conflicts,
>> and, most importantly, increases the difficulty of handling
>> security vulnerabilities in the shared code.
> Hrm... does rationale belong in policy?
This is one of the things that was discussed at the Policy BoF at DebConf,
and Manoj and I would both like to start adding it. In the future, we'll
be doing so in a new format that allows rationale to be tagged separately
and marked as informative rather than normative. But it's very valuable
to have rationale so that years later we can figure out why we changed
something. (See the difficulties in figuring out just why Policy requires
-D_REENTRANT, for example.)
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: