--- Begin Message ---
Subject: |
stop using gnulib |
Date: |
Tue, 12 Apr 2016 13:45:21 -0400 |
Source: libidn
Severity: normal
the use of gnulib in this package makes it significantly harder to
backport security patches around the different Debian suites. I have
spent a long time trying to figure out how to update the gnulib source
code in libidn for CVE-2015-2059, for example. it was pretty painful!
using an external library like libunistring would be much better. i
understand that gnulib is necessary to port to certain environments
for the GNU system, but this here is Debian, we can certainly do
better!
this would also be in accordance with ยง4.13:
https://www.debian.org/doc/debian-policy/ch-source.html#s-embeddedfiles
-- System Information:
Debian Release: 8.4
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500,
'stable'), (1, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.2.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Subject: |
Re: Bug#820816: stop using gnulib |
Date: |
Sun, 25 Sep 2016 19:05:53 +0200 |
I'm closing this as it appears there is nothing actionable to do here.
I'm happy to improve things if you have ideas, but I don't see any way
to improve the situation given the information we have in this report.
/Simon
pgpfn4kqyuc3G.pgp
Description: OpenPGP digital signatur
--- End Message ---