[Fedora-packaging] Proposal to reduce anti-bundling requirements

Adam Williamson adamwill at fedoraproject.org
Thu Sep 10 19:07:40 UTC 2015


On Thu, 2015-09-10 at 21:01 +0200, Reindl Harald wrote:
> 
> On 10.09.2015 at 20:37, Matthew Miller wrote:
> > On Thu, Sep 10, 2015 at 07:48:22PM +0200, Reindl Harald wrote:
> > > if i would want an operating system where i have no idea after
> > > security updates for a library if *all* applications are fixed i
> > > could just have gone to Apple OSX or stayed at Windows
> > 
> > Unbundling is one approach to that problem. It doesn't mean that it's
> > the only one
> 
> but the most important one
> 
> if you have to wait for every single maintainer or even upstream until
> they recognize they are affected and need to rebuild likely the next
> vulnerability is already discovered

Or, you know, we build tools to deal with it. We're a software
project, that's what we do. We already have a convention for denoting
that a package has bundled code: see the bundling page - you add a
Provides: bundled(somelib) . It's not as if it'd be impossible to
build some infrastructure to make the process of dealing with updates
to bundled libraries easier / more efficient.

-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
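
A sketch of the kind of tooling the message above suggests, built on the `Provides: bundled(somelib)` convention. This is an added example, not part of the original post and not an existing Fedora tool. It assumes the provides have been exported as `package<TAB>provide` lines; that format, the package names and the versions are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample input: one "package<TAB>provide" line per capability.
SAMPLE = (
    "app-one\tbundled(somelib) = 1.2.3\n"
    "app-one\tapp-one = 4.0-1\n"
    "app-two\tbundled(somelib) = 1.2.10\n"
    "app-three\tbundled(otherlib) = 0.9\n"
    "app-four\tbundled(somelib)\n"
)

BUNDLED = re.compile(r"^bundled\(([^)]+)\)(?:\s*=\s*(\S+))?$")

def parse_bundled(text):
    """Map library name -> list of (package, bundled version or None)."""
    index = defaultdict(list)
    for line in text.splitlines():
        if "\t" not in line:
            continue
        pkg, provide = line.split("\t", 1)
        m = BUNDLED.match(provide.strip())
        if m:
            index[m.group(1)].append((pkg, m.group(2)))
    return index

def version_key(version):
    """Simplified ordering for dotted numeric versions only (an assumption;
    this is not rpm's full version comparison). Returns None if unparsable."""
    try:
        return tuple(int(part) for part in version.split("."))
    except (AttributeError, ValueError):
        return None

def needs_rebuild(index, lib, fixed_version):
    """Packages bundling `lib` older than `fixed_version`. Copies with a
    missing or unparsable version are listed as "unknown", because they
    cannot be shown to contain the fix."""
    fixed = version_key(fixed_version)
    flagged = []
    for pkg, ver in index.get(lib, []):
        key = version_key(ver)
        if key is None:
            flagged.append((pkg, "unknown"))
        elif key < fixed:
            flagged.append((pkg, ver))
    return sorted(flagged)

if __name__ == "__main__":
    for pkg, ver in needs_rebuild(parse_bundled(SAMPLE), "somelib", "1.2.10"):
        print(f"{pkg}: bundled somelib {ver} needs review")
```

Comparing versions as integer tuples matters here: a plain string comparison would rank 1.2.10 below 1.2.3 and wrongly flag the already-fixed package.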
