Summary/Minutes from today's FESCo Meeting (2015-10-07)

Kevin Kofler kevin.kofler at
Thu Oct 8 23:22:27 UTC 2015

Adam Jackson wrote:
> From the consumer's perspective it makes zero difference whether a
> particular library is bundled or not, as long as the app works.

Only until they run into their first symbol conflict due to conflicting 
bundled libraries.

And even if there are no symbol conflicts, they WILL notice that:
1. the bundled library wastes their disk space,
2. the bundled library wastes their RAM (because shared objects share most
   of their RAM segments, too), and
3. the bundled library wastes their time and bandwidth whenever downloading
   an application update.

> Any undiscovered security bug (for instance) will be there in the
> unbundled copy of the library too.

But a discovered and fixed security bug will not! Good luck ensuring that 
when the library is bundled throughout the distribution.

> And, to be honest, we're failing at tracking bundling _already_,
> regardless of this particular change in policy.  clamav bundles a copy
> of llvm, ffs.  Policies that are out of line with reality are bad
> policy: the war on drugs does not fix drug abuse, vagrancy laws do not
> fix poverty, and the war on bundling merely ensures that bundled
> software goes unreported.

That is willful abuse of the packaging guidelines and should really lead to 
the packager getting unsponsored if it's done on purpose.

        Kevin Kofler

More information about the devel mailing list