On Tue, Jun 26, 2007 at 01:59:58PM +0100, Neil McGovern wrote: > On Mon, Jun 25, 2007 at 05:33:53PM +0200, Bill Allombert wrote: > > > Any suggestions for improved wording? > > > --- policy.sgml 2006-10-11 08:44:02.684306000 +0100 > +++ policy.sgml 2007-06-26 13:58:10.160026885 +0100 > @@ -2105,6 +2105,19 @@ > the file to the list in <file>debian/files</file>.</p> > </sect> > > + <sect id="embeddedfiles"> > + <heading>Embedding code provided in other packages</heading> > + <p> > + Should the upstream source ship with a convenience copy of an external > + library, and this library is already packaged in Debian, the Debian > + package should not embed or include this code. > + Instead, the package should be modified to reference the required > + files in the library package provided by Debian, and a Depends and/or > + Build-Depends relationship declared as required. > + Optionally, the convenience copy should not be compiled in the > + build-process. > + </p> > + </sect> > </chapt>
Two comments: 1) "this library is already packaged in Debian": If it is not packaged, it should be packaged instead of using the convenience copy. Otherwise three problems can appear: 1.1) if the library is packaged separately afterward. 1.2) if two packages include independently a convenience copy of the same library. 1.3) the security team might miss security issues in a library if it is not packaged but only used through a convenience copy. The keyword is "convenience" here: it does not apply to copy shipped as part of a larger tarball as the main distribution medium. 2) "Optionally ... should not" seems internally inconsistent. I would expect either "Optionally ... may not" or "Preferably,... should not" and I would prefer the second because compiling librairies we won't use is a waste of time and might cause linking inadvertently to them instead of the system one. But I certainly lift my objection. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here.
signature.asc
Description: Digital signature
