Web lists-archives.com

Bug#907051: Say much more about vendoring of libraries




Package: debian-policy
Version: 4.2.0.1

Hello,

On Thu 23 Aug 2018 at 12:27PM +0200, Alec Leamas wrote:

> https://fedoraproject.org/wiki/Packaging:Guidelines#Bundling_and_Duplication_of_system_libraries

Thank you for sharing this link -- it seems like Fedora have thought
harder about this than we have, at least at the level of the whole
project.

We can't jump straight to something as involved in that, but threads
like this on -devel suggest to me that Policy's discussing of vendoring
needs to be expanded.

In particular, Policy should explain /why/ bundling is best avoided, and
the consensus that it sometimes has to happen should be noted, along
with mention of registering bundled copies with the security team where
appropriate.

-- 
Sean Whitton

Attachment: signature.asc
Description: PGP signature