Sponsor and review request: opendap, librx
Tom 'spot' Callaway
tcallawa at redhat.com
Sat Apr 23 22:23:30 UTC 2005
On Sat, 2005-04-23 at 14:49 -0400, Ed Hill wrote:
> In terms of both policy and practical considerations, is it OK to allow
> packages (like OPeNDAP) to include their own versions of some libs? Or
> should we patch their build system(s) to use the versions provided by
> the "official" RPMs?
No, it really isn't. This is how known security holes stick around for
long periods of time after the core libs have been patched (like openssl
in KDE).
This should be policy, and I'll add it to the guidelines.
I'm reworking opendap to use the system libs (new packages shortly).
~spot
--
Tom "spot" Callaway: Red Hat Sales Engineer || GPG Fingerprint: 93054260
Fedora Extras Steering Committee Member (RPM Standards and Practices)
Aurora Linux Project Leader: http://auroralinux.org
Lemurs, llamas, and sparcs, oh my!
More information about the fedora-extras-list
mailing list