please do not ship an embedded copy of jsoncpp
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Drizzle |
Triaged
|
High
|
Stewart Smith | ||
Debian |
New
|
Undecided
|
Unassigned |
Bug Description
Hallo,
As embedded code copies of libraries makes the live for distributions harder. The Debian Policy Manual for examples states:
"Having multiple copies of the same code in Debian is inefficient, often creates either static linking or shared library conflicts, and, most importantly, increases the difficulty of handling security vulnerabilities in the duplicated code. " [1]
This problem causes an lintian-error [2] and therefore -- as severity is serious -- it is a possible show-stopper to package drizzle for Debian -- unless there are some good reasons why this copy is needed. (If, please state them here ...) In this case it might be justified to override this linitian error.
[1] http://
[2] http://
Many thanks for your help from the drizzle's package maintainer @ Debian :-)
coldtobi
Changed in drizzle: | |
status: | New → Triaged |
importance: | Undecided → High |
assignee: | nobody → Stewart Smith (stewart) |
coldtobi <email address hidden> writes: www.debian. org/doc/ debian- policy/ footnotes. html#f30 lintian. debian. org/tags/ embedded- library. html
> As embedded code copies of libraries makes the live for distributions
> harder. The Debian Policy Manual for examples states:
>
> "Having multiple copies of the same code in Debian is inefficient, often
> creates either static linking or shared library conflicts, and, most
> importantly, increases the difficulty of handling security
> vulnerabilities in the duplicated code. " [1]
>
> This problem causes an lintian-error [2] and therefore -- as severity is
> serious -- it is a possible show-stopper to package drizzle for Debian
> -- unless there are some good reasons why this copy is needed. (If,
> please state them here ...) In this case it might be justified to
> override this linitian error.
>
> [1] http://
>
> [2] http://
>
> Many thanks for your help from the drizzle's package maintainer @ Debian
> :-)
I'll look into it, it probably isn't hard to link against the debian one
instead.
--
Stewart Smith