On Fri, 12 Dec 2008, Adeodato Simó wrote:
Hello Asheesh, others.
* Asheesh Laroia [Thu, 06 Mar 2008 19:47:24 -0800]:
Supporting new drivers means patching the uw-imap source included with
alpine. I believe it makes good sense to instead patch alpine the use
the shared (Debian-patched not-approved-by-Mark Crispin) libc-client
package and if Alpine invents additional patches for the uw-imap source
in addition to the current Maildir patch then consider applying them to
that shared library instead, for the benefit of php and others using
it, in addition to Alpine.
If we find that some patches (possibly including the current Maildir
patch) may not be stable enough to force all Debian users of uw-imap
and other C-lient-based software, then we could maybe extend the build
routines of uw-imap to package several flavors of th c-client library
with different patches applied.
This seems like more trouble than it's worth. I hardly see the benefit
at all, actually.
But tell me if I'm missing something.
It is very important to make an effort that the same code is not
compiled from different source packages. That is, if package X ships a
copy of library L, which is packaged separately in Debian as well, and
the configure script of X wants to compile that private copy of the
library and link statically against it, then Debian prefers that the
configure script of X be modified so that X links against the packaged
version of L.
This is so becuase code duplication increases the amount of work the
security team has to perform if a security hole is discovered in L; and
exposes users to unknown vulnerabilities if the code duplication between
X and L is not known by the security team.
Thanks for the thoughtful email. I agree with the concerns you raised and
will see about how to do this.
Help is welcome!
-- Asheesh.
--
Cold hands, no gloves.
