On Wed, Jul 26, 2017 at 03:48:33PM +0300, Evgeny Kotkov wrote: > Stefan Sperling <s...@elego.de> writes: > > >> The way the lz4 code is currently embedded in libsvn_subr makes it > >> awkward to add support for an external liblz4. > > > > I agree that an external library should be used during the build. > > It makes life a lot easier for packagers on Unix-style systems, > > and is the expected de-facto standard in that ecosystem. > > I would very much prefer if we didn't have the mandatory dependency on > the external LZ4 library.
That's not what is being proposed. It's fine if the build can optionally use a copy provided by the user, or even a copy embedded in our code. But using that internal copy should not be mandatory. Who will be blamed if, in the future, a package manager for some Linux/BSD system fixes an exploitable bug in lz4, and accidentally leaves some systems vulnerable because of a missing patch to SVN's internal copy?
