From 1be510f9529cb082f802408b472a77d074b394c0 Mon Sep 17 00:00:00 2001 From: Nicolas Vigier Date: Sun, 14 Apr 2013 13:46:12 +0000 Subject: Add zarb MLs html archives --- zarb-ml/mageia-dev/20110121/002283.html | 72 +++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 zarb-ml/mageia-dev/20110121/002283.html (limited to 'zarb-ml/mageia-dev/20110121/002283.html') diff --git a/zarb-ml/mageia-dev/20110121/002283.html b/zarb-ml/mageia-dev/20110121/002283.html new file mode 100644 index 000000000..ecb7a56d5 --- /dev/null +++ b/zarb-ml/mageia-dev/20110121/002283.html @@ -0,0 +1,72 @@ + + + + [Mageia-dev] Java-Policy first draft published + + + + + + + + + +

[Mageia-dev] Java-Policy first draft published

+ Thierry Vignaud + thierry.vignaud at gmail.com +
+ Fri Jan 21 10:06:21 CET 2011 +

+
+ +
On 21 January 2011 00:01, nicolas vigier <boklm at mars-attacks.org> wrote:
+>> Shipping binary jar given by upstream tarball cause trouble because you
+>> 1) cannot patch them in case of bug
+>> 2) cannot see how and what was compiled
+>>
+>> That's not very free software friendly, and I think we should refuse
+>> that.
+>
+> I've already seen while trying to package java apps, a jar being shipped,
+> but sources not available anywhere on the internet, except after
+> searching for a few hours on an old website on archive.org with broken
+> link to the sources zip, and developers not aware of the issue, because
+> they never tried to find the sources, and always used this binary .jar
+> they found on a random web site.
+
+And they never though about security...
+
+ + + +
+

+ +
+More information about the Mageia-dev +mailing list
+ -- cgit v1.2.1