Drizzle

please do not ship an embedded copy of jsoncpp

Bug #1188926 reported by coldtobi
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Drizzle
Triaged
High
Stewart Smith
Debian
New
Undecided
Unassigned

Bug Description

Hallo,

As embedded code copies of libraries makes the live for distributions harder. The Debian Policy Manual for examples states:

"Having multiple copies of the same code in Debian is inefficient, often creates either static linking or shared library conflicts, and, most importantly, increases the difficulty of handling security vulnerabilities in the duplicated code. " [1]

This problem causes an lintian-error [2] and therefore -- as severity is serious -- it is a possible show-stopper to package drizzle for Debian -- unless there are some good reasons why this copy is needed. (If, please state them here ...) In this case it might be justified to override this linitian error.

[1] http://www.debian.org/doc/debian-policy/footnotes.html#f30

[2] http://lintian.debian.org/tags/embedded-library.html

Many thanks for your help from the drizzle's package maintainer @ Debian :-)

coldtobi

Revision history for this message
Stewart Smith (stewart) wrote : Re: [Bug 1188926] [NEW] please do not ship an embedded copy of jsoncpp

coldtobi <email address hidden> writes:
> As embedded code copies of libraries makes the live for distributions
> harder. The Debian Policy Manual for examples states:
>
> "Having multiple copies of the same code in Debian is inefficient, often
> creates either static linking or shared library conflicts, and, most
> importantly, increases the difficulty of handling security
> vulnerabilities in the duplicated code. " [1]
>
> This problem causes an lintian-error [2] and therefore -- as severity is
> serious -- it is a possible show-stopper to package drizzle for Debian
> -- unless there are some good reasons why this copy is needed. (If,
> please state them here ...) In this case it might be justified to
> override this linitian error.
>
> [1] http://www.debian.org/doc/debian-policy/footnotes.html#f30
>
> [2] http://lintian.debian.org/tags/embedded-library.html
>
> Many thanks for your help from the drizzle's package maintainer @ Debian
> :-)

I'll look into it, it probably isn't hard to link against the debian one
instead.

--
Stewart Smith

Stewart Smith (stewart)
Changed in drizzle:
status: New → Triaged
importance: Undecided → High
assignee: nobody → Stewart Smith (stewart)
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.