On Mon, 19 Feb 2018, Paul Wise wrote: > On Mon, Feb 19, 2018 at 9:51 PM, Raphael Hertzog wrote: > > > I don't want to lower the quality of what we have built so far, so while > > it's technically possible to build .deb and include a bundle of libraries > > pinned at the correct version, I don't think that this should allowed into > > the main archive. > > The "not allowing embedded code copies in the main archive" ship has sailed: > https://salsa.debian.org/security-tracker-team/security-tracker/raw/master/data/embedded-code-copies > https://wiki.debian.org/EmbeddedCodeCopies
I know this but at least you have the sources in the source package. I was referring to things like what I did in Kali for metasploit, it's a ruby application. The .deb ships the metasploit code (available in the source package) but also all the ruby libraries in a directory created with "bundle install --vendor" and this includes lots of stuff... plain ruby code but also binary extensions compiled on other systems and made available as ready-to-download gems. Sources: http://git.kali.org/gitweb/?p=packages/metasploit-framework.git;a=shortlog;h=refs/heads/kali/master Binary packages: https://http.kali.org/pool/main/m/metasploit-framework/ Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: https://www.freexian.com/services/debian-lts.html Learn to master Debian: https://debian-handbook.info/get/
