Re: 3rd party sources in packages (was: Problems with packaging qtiplot)
Hi Teemu
> Your options are to include the external package in the sources, or
> wait until a stable release of the library in question has been
> released. The first option seems to be a big no-no in Debian
> (understandably, at least from a security standpoint) and the second
> option leaves Debian users without an up-to date version of your
> package.
I may have to wait forever since the some features have been added to the
Qtiplot version of qwtplot3d that may not be in the next release.
>
> Since the library in question is not so critical security-wise, having
> a 3rd party library on the package during a release or two does not
> sound so bad to me, but IANADD, etc.
Before packaging qtiplot, I made the library packages of Qwt, qwtplot3d,
muparser and liborigin in order to remove the 3dparty libraries from it.
An opinion from a DD would be appreciable. Is someone willing to sponsor an
upload with statically linked library?
>
> I also have a similar problem with meshlab package I'm working on
> (again). Upstream tarball includes several 3rd party sources, which
> fortunately are all in Debian already. In this case the right thing to
> do is clearly to build with Debian libraries, but should one also
> repackage the source to get rid of the 3rd party code or not?
Yes, sorry I was going to contact you about it. Have you decided which version
of muparser you want?
Cheers
Gudjon
Reply to: