On Mon, Aug 06, 2007 at 12:08:04AM -0700, Russ Allbery wrote: > > --- orig/policy.sgml > +++ mod/policy.sgml > @@ -2077,6 +2077,30 @@ > the file to the list in <file>debian/files</file>.</p> > </sect> > > + <sect id="embeddedfiles"> > + <heading>Convenience copies of code</heading> > + > + <p> > + Some software packages include in their distribution convenience > + copies of code from other software packages, generally so that > + users compiling from source don't have to download multiple > + packages. Debian packages should not make use of these > + convenience copies. If the included code is already in the > + Debian archive in the form of a library, the Debian packaging > + should ensure that binary packages reference the libraries > + already in Debian and the convenience copy is not used. If the > + included code is not already in Debian, it should be packaged > + separately as a prerequisite if possible. > + <footnote> > + Having multiple copies of the same code in Debian is > + inefficient, often creates either static linking or shared > + library conflicts, and, most importantly, increases the > + difficulty of handling security vulnerabilities in the > + duplicated code. > + </footnote> > + </p> > + </sect> > + > </chapt>
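Review bot: In the new `<sect id="embeddedfiles">`, the sentence "Debian packages should not make use of these convenience copies" leaves "make use of" undefined. It does not say whether the copy may stay in the source package as long as it is not compiled or linked into the binary packages. The footnote gives security handling as the most important reason, so consider stating explicitly that binary packages must not contain code built from the copy. The "already in the Debian archive in the form of a library" case also covers only libraries, while the heading says "code", so bundled non-library code that is already in Debian is left unaddressed. Finally, the footnote justifies the "should not make use" rule and would read better attached to that sentence than to the closing "if possible" sentence.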
I second this proposal.

Kurt