On 2024-04-10 10:16, Chris wrote:
On 2024-04-10 07:08, Brad D wrote:
I’m still pretty fresh to porting here and was given feedback about some security and build concerns. I’ll be redoing my port and doing more testing (don’t mind iterating and improving especially when my reviewer was very kind and helpful).

Is it uncalled for replacing problematic embedded libraries with equivalent ones in a port as a dependency if the library is in the repo and well maintained? It’s also not an essential part of the original app. An example of it being done if it’s a normal practice would be welcomed. Thanks
If I understand your question correctly:
Generally speaking, internal libraries (to the port) are acceptable,
especially as you seem to indicate that they make the port more stable. As far
as security goes, if it's reasonably well maintained upstream with a decent
security history, it shouldn't be a problem. Firefox might be a good example here.
It has a number of internal libraries, and while there have been security issues
in the past, they have been met with in a reasonable time frame.

HTH
OK it seems I misinterpreted the question. The answer Gleb provided was (of course)
the correct answer.
Sorry for the misunderstanding.

--
--Chris Hutchinson
