On 08/28/2015 02:11 PM, Marcin Juszkiewicz wrote:
Hi
I am building software for misc distributions for over 11 years. And so
far Fedora packages are the worst of those I played with (mostly
OpenEmbedded and Debian).
Why? Because patches are mess. Let's take random one:
@@ -108,7 +108,7 @@
M = int(max(r, g, b))
m = int(min(r, g, b))
val = (2 * M + r + g + b) / 5
- p[:] = (val + r) / 2, (val + g) / 2, (val + b) / 2
+ #p[:] = (val + r) / 2, (val + g) / 2, (val + b) / 2
if alpha[y][x] >= 250:
alpha[y][x] = 255 - (M - m) * 3 / 4
del pixels
Who knows what it does and why? For some reason it has a name '64bitfix'
but why it is needed? Did upstream ever saw it? No idea.
In Debian (or in OpenEmbedded) it is solved by implementing DEP-3 [1]
In reality, here's what the Debian version of this patch looks like:
<
http://sources.debian.net/src/monsterz/0.7.1-8/debian/patches/010_64-bit-...
I'm not sure if it's all that more helpful, to be honest. It does not
follow DEP-3, sure, but neither do many other Debian packages. Even
some critical server packages still do not have any broken-out patches
at all.
(In general, if there is no upstream to contribute such fixes to, it's
probably best not to ship such software at all.)
--
Florian Weimer / Red Hat Product Security