* Angel Vidal (Kry) [Fri, 26 Aug 2005 06:20:05 +0200]:
Hello,
(when answering to a bug report, please be sure to mail not only the
bug address, in this case [EMAIL PROTECTED], but to the submitter
too, since the Debian BTS does not automatically forward messages to
the submitter. I only found this answer of yours by chance.)
> Out of curiosity, why would out internal copy be bad?
Note that the scope of this bug report is the Debian package only, not
aMule itself. That is, it's not relevant for me whether aMule upstream
includes an internal copy or not, though I _do_ understand the benefits
of such copy.
However, it is not allowed for Debian packages to use internal copies
of libraries available as shared libraries. Our Policy explicitly forbids
that, hence it's a bug at severity "serious" to fail to meet this
requirement.
The reasons that make this policy reasonable (from the most important
to the less) are:
(a) if a security bug pops up in the library, we want the security
team to only have to fix ONE copy; using internal copies in
several packages increases the workload of our security people,
AND most of the times, the fact that an internal copy is used
remains undocumented, so the security bug remains unfixed.
(b) internal copies increase memory usage, since they can't be
shared among processes
(c) internal copies increase disk usage
(d) internal copies increase the time required to build a package
> And why would this be critical?
It is critical for Debian, and as such, amule won't be shipped in a
stable release until this bug is fixed.
I am interested in having amule in the next stable release, so I'm
willing to help. Maintainer, if you're listening, please fix this or
let me fix it myself (and #325145 too :P).
> It even has some
> crypto sources patched because of a bug that arises on 2.6.x series
> kernels.
Well, this fixes should be in our libcrypto++ package, then. Are they
present in the next version of libcrypto++? Are they serious enough to
warrant a bug against our package, so that it gets patched?
Thanks for your interest,
--
Adeodato Simó
EM: asp16 [ykwim] alu.ua.es | PK: DA6AE621
Listening to: Johnny Cash - Just The Other Side of Nowhere
Don't ask the barber whether you need a haircut.
-- Daniel S. Greenberg
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
