Hiya,

On Sat, Nov 05, 2011 at 07:00:58PM +0800, Paul Wise wrote:
> On Sat, Nov 5, 2011 at 6:45 PM, Elimar Riesebieter wrote:
>
> > we have many packages which are built against popt. Some of them
> > have included a bundled (inlined) version of popt. But they are using
> > Debian's libopt-dev like pkg-config.
>
> Sounds like a bunch of bugs to be filed and info to be added to the
> security team's embedded code copies document:

Because it wasn't entirely clear here, I don't think it is a bug that the source packages actually contain the code; it's only a bug if they actually use it in the building process. I don't think it's at all useful to contact upstreams about embedded copies of code, as long as it's possible to specify a system-wide version at build-time. Everybody wins that way.

Sean