[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#657405: mediagoblin: no more missing dependencies

Just a note about embedded code copies:

Embedded code copies should be avoided, but the policy does not
use the words "must not" here. In some cases it is difficult to
avoid them and they may be tolerated for some time.

As long as mediagoblin is the only package using it, there is at
least not the problem of code duplication, but Debian must be
aware of the code, so that one can react on security issues.

The testing security team maintains a list of embedded code
copies for this purpose:
https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co

I suggest to file a bug against mediagoblin about any embedded
code copies and send the bug numbers as reference to
secure-testing-team@lists.alioth.debian.org.

See https://wiki.debian.org/EmbeddedCodeCopies
Reply to: