[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: release policy changes

* Thomas Bushnell BSG (tb@becket.net) [050609 00:38]:
> Andreas Barth <aba@not.so.argh.org> writes:
> > One addition I would like very much to see is:
> >  A library that is included in a package in Debian must be linked to
> >  dynamically; for static-only executables like sash also static linking
> >  to that other library package is accepted. Importing and using the
> >  source code of any library into another package is not permited.
> >
> > Rationale:
> > Some libraries are provided multiple in Debian, IIRC e.g. libz. That is
> > bad from general QA (as usually this is just an old version, and normale
> > bug fixes don't go in), and especially bad if there is a security update
> > necessary.
> I agree that this is a good policy, but there are sometimes important
> reasons why this doesn't work.  One is where the library needs to be
> compiled in some special way or has special modifications for the
> particular case.  I would like to see some kind of auditing of all the
> cases that this affects, and be confident that none of them get hosed.

Yes. I was considering to say "oh, we solve it by using etch-ignore",
but actually, it might be wise to say it more verbose. If we manage to
get rid of the easier 90% of these included libs I think we made real progress.


Reply to: