Gerald Henriksen wrote:
what rule is that?
Maybe our guidelines [*] about bundling and duplication are threatened by modularity.
Last but not least, if there's a CVE or soname bump in whatever library, we'd need
to rebuild the whole modularity stack depending on it. That would mean more traffic
for the end users with all the updates, and this coordination needs communication.
Without modularity, we just have to rebuild the affected library package(s) in case of
a CVE and it'd be mostly done.
Of course, we shouldn't base the process on only one or two maintainers being expected
to handle the whole dependency stack; Java packaging is indeed a good example.