Bas Wijnen <[EMAIL PROTECTED]> writes: > On Thu, Feb 14, 2008 at 04:02:41PM -0800, Russ Allbery wrote:
>> Note that libtool is an unusual case here and isn't the same as >> Autoconf or Automake. The files included in the package (libtool.m4 >> and ltmain.sh) are not generated files in the same sense. Running >> libtoolize basically just copies those files from the installed libtool >> into the package. > Oh, ok. That changes things a bit. In that case, not copying them, but > using the included copy instead is similar to using an included version > of a library instead of the package containing it. This is bad for > security, but not a problem with respect to policy. Given that the files are only used during the build process, it seems fairly irrelevant to security to me. (Embedded copies of libltdl are a different issue, but we already generally disable those.) -- Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/> -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
