nginx Build-Depended on 3rd-party module source
Hello security team,
I'm working on debianizing uWSGI [1]. You can see my work on
git.debian.org [2].
I've already found the sponsor (Alexander GQ Gerasiov) and now we are
in discussing some final details.
One of these details is question about needing in package
uwsgi-nginx-module-dev. This is one of builded binary packages
containing just the source of uWSGI nginx module.
Any nginx module must be compiled in nginx binary [3] [4], so I've
contacted with nginx maintainer (Kartik Mistry) and asked him for adding
uwsgi-nginx-module-dev in Build-Depends of nginx (along with including
'--add-module' stanza in debian/rules). Kartik agrees.
But then Alexander raised a question, which I want to ask in
security-related list.
If nginx will be Build-Depended on binary package with 3rd-party
module source, will it breaks any Debian security rules or not?
[1] http://projects.unbit.it/uwsgi/
[2] http://git.debian.org/?p=collab-maint/uwsgi.git;a=summary
[3] http://wiki.nginx.org/Nginx3rdPartyModules
[4] http://www.evanmiller.org/nginx-modules-guide.html#compiling
Reply to: