Please review: monotone
Roland McGrath
roland at redhat.com
Tue Jul 19 07:24:01 UTC 2005
> Hmm, the package seems to be using a modified, local, static copy of
> sqlite3. In the past, this kind of approach has caused serious
> vulnerabilities and maintenance problems (cf. libz).
Unfortunately that's how they do it upstream. I had hoped that moving to
sqlite 3.2.2 would mean we could use the system one, but that doesn't work
because the monotone folks are actually using a locally modified version.
I agree that's unwise and a maintenance problem, but it's an upstream
problem. Their sqlite copy is part of their source that they maintain, so
I don't worry about it any more than the rest of their source.
Thanks,
Roland
More information about the fedora-extras-list mailing list