Summary/Minutes from today's FESCo Meeting (2015-10-07)

Kevin Kofler kevin.kofler at chello.at
Thu Oct 8 23:22:27 UTC 2015


Adam Jackson wrote:
> From the consumer's perspective it makes zero difference whether a
> particular library is bundled or not, as long as the app works.

Only until they run into their first symbol conflict due to conflicting 
bundled libraries.

And even if there are no symbol conflicts, they WILL notice that:
1. the bundled library wastes their disk space,
2. the bundled library wastes their RAM (because shared objects share most
   of their RAM segments, too), and
3. the bundled library wastes their time and bandwidth whenever downloading
   an application update.

> Any undiscovered security bug (for instance) will be there in the
> unbundled copy of the library too.

But a discovered and fixed security bug will not! Good luck ensuring that 
when the library is bundled throughout the distribution.

> And, to be honest, we're failing at tracking bundling _already_,
> regardless of this particular change in policy.  clamav bundles a copy
> of llvm, ffs.  Policies that are out of line with reality are bad
> policy: the war on drugs does not fix drug abuse, vagrancy laws do not
> fix poverty, and the war on bundling merely ensures that bundled
> software goes unreported.

That is willful abuse of the packaging guidelines and should really lead to 
the packager getting unsponsored if it's done on purpose.

        Kevin Kofler


