Re: release policy changes
* Thomas Bushnell BSG (email@example.com) [050609 00:38]:
> Andreas Barth <firstname.lastname@example.org> writes:
> > One addition I would like very much to see is:
> > A library that is included in a package in Debian must be linked to
> > dynamically; for static-only executables like sash also static linking
> > to that other library package is accepted. Importing and using the
> > source code of any library into another package is not permited.
> > Rationale:
> > Some libraries are provided multiple in Debian, IIRC e.g. libz. That is
> > bad from general QA (as usually this is just an old version, and normale
> > bug fixes don't go in), and especially bad if there is a security update
> > necessary.
> I agree that this is a good policy, but there are sometimes important
> reasons why this doesn't work. One is where the library needs to be
> compiled in some special way or has special modifications for the
> particular case. I would like to see some kind of auditing of all the
> cases that this affects, and be confident that none of them get hosed.
Yes. I was considering to say "oh, we solve it by using etch-ignore",
but actually, it might be wise to say it more verbose. If we manage to
get rid of the easier 90% of these included libs I think we made real progress.