Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages

To: Russ Allbery <rra@debian.org>, 392362@bugs.debian.org
Cc: debian-policy@lists.debian.org
Subject: Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
From: Kurt Roeckx <kurt@roeckx.be>
Date: Mon, 16 Jul 2007 23:57:18 +0200
Message-id: <[🔎] 20070716215718.GA29591@roeckx.be>
In-reply-to: <[🔎] 87lkdwotx9.fsf@windlord.stanford.edu>
References: <200706181559.22004.sf@debian.org> <20070618172743.GB3687@yellowpig> <20070625130221.GD23964@mx0.halon.org.uk> <20070625153353.GQ3320@yellowpig> <20070626125958.GM23964@mx0.halon.org.uk> <877ipqk9rg.fsf@windlord.stanford.edu> <20070626223046.GO23964@mx0.halon.org.uk> <[🔎] 873b04simw.fsf@windlord.stanford.edu> <[🔎] 20070704090125.GA26366@dario.dodds.net> <[🔎] 87lkdwotx9.fsf@windlord.stanford.edu>

On Wed, Jul 04, 2007 at 12:22:42PM -0700, Russ Allbery wrote:
> Steve Langasek <vorlon@debian.org> writes:
> 
> > Perhaps "common code" or "duplicated code" instead of "shared code", to
> > avoid ambiguity wrt shared libraries?
> 
> How about "duplicated code"?  New patch:

I have 2 comments about this:
- It was suggested that this shouldn't only cover libraries.  This
  version still only takes about libraries.
- Some packages contain a forked version of a library.  Policy should
  say to try and merge them in the Debian package.  This might
  not work for all packages since the changes aren't compatible, in
  which case I see 2 options:
  - Keep it internal and link staticly
  - Make a seperate source package of it.
  It would be nice if policy suggested one of those approaches.  But I'm
  not really sure this belongs in policy.


Kurt

> 
> --- orig/policy.sgml
> +++ mod/policy.sgml
> @@ -2077,6 +2077,30 @@
>  	  the file to the list in <file>debian/files</file>.</p>
>        </sect>
>  
> +      <sect id="embeddedfiles">
> +	<heading>Convenience copies of libraries</heading>
> +
> +	<p>
> +	  Some software packages include in their distribution convenience
> +	  copies of libraries from other software packages, generally so
> +	  that users compiling from source don't have to download multiple
> +	  packages.  Debian packages should not make use of these
> +	  convenience copies.  If the included library is already in the
> +	  Debian archive, the Debian packaging should ensure that binary
> +	  packages reference the libraries already in Debian and the
> +	  convenience copy is not used.	 If the included library is not
> +	  already in Debian, it should be packaged separately as a
> +	  prerequisite.
> +	  <footnote>
> +	    Having multiple copies of the same code in Debian is
> +	    inefficient, often creates either static linking or shared
> +	    library conflicts, and, most importantly, increases the
> +	    difficulty of handling security vulnerabilities in the
> +	    duplicated code.
> +	  </footnote>
> +	</p>
> +      </sect>
> +
>      </chapt>
>  
> -- 
> Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-policy-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Russ Allbery <rra@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Steve Langasek <vorlon@debian.org>
- Bug#392362: [PROPOSAL] Add should not embed code from other packages
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#99324: Verify your recent email to MindBody
Next by Date: Bug#115438: marked as done ([PENDING]: addition of new menu tag for kde menu removal)
Previous by thread: Re: Bug#392362: [PROPOSAL] Add should not embed code from other packages
Next by thread: Processed: tagging 418444
Index(es):
- Date
- Thread