blob: 9c7e350ef994068971adf3cf6d6e54756ce89ca8 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] Meeting for secteam start
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Meeting%20for%20secteam%20start&In-Reply-To=%3C4DA980B3.9020007%40gmail.com%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="004007.html">
<LINK REL="Next" HREF="004014.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] Meeting for secteam start</H1>
<B>Stew Benedict</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Meeting%20for%20secteam%20start&In-Reply-To=%3C4DA980B3.9020007%40gmail.com%3E"
TITLE="[Mageia-dev] Meeting for secteam start">stewbintn at gmail.com
</A><BR>
<I>Sat Apr 16 13:42:43 CEST 2011</I>
<P><UL>
<LI>Previous message: <A HREF="004007.html">[Mageia-dev] Meeting for secteam start
</A></li>
<LI>Next message: <A HREF="004014.html">[Mageia-dev] Meeting for secteam start
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#4008">[ date ]</a>
<a href="thread.html#4008">[ thread ]</a>
<a href="subject.html#4008">[ subject ]</a>
<a href="author.html#4008">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>On 04/16/2011 06:49 AM, Thierry Vignaud wrote:
><i> On 16 April 2011 10:10, Michael Scherer <<A HREF="https://www.mageia.org/mailman/listinfo/mageia-dev">misc at zarb.org</A>> wrote:
</I>><i>
</I>>>><i> * check our srpm database (Vincent later reworked this) for all the
</I>>>><i> places the affected source code
</I>>>><i> may be buried (many packages embed copies of other source)
</I>>>><i>
</I>>><i> I would propose to have a policy of using system wide library and do not
</I>>><i> allow bundled copy ( but this would be likely annoying for some case ).
</I>>><i>
</I>><i> That was the policy at mdv too.
</I>><i> We'd too much pain with all those copies.
</I>><i>
</I>><i>
</I>And for the most part this worked. If I remember correctly, the biggest
pain points were xpdf code being cloned all over and libtiff?
I believe the xpdf situation has improved considerably since then,
although I haven't spent a lot of time with the code of the various
readers. I seemed like we had an xpdf vuln once a month or so, which
triggered updates of several packages. At least having the tool to
search the source tarballs gave us an easy way to check possible areas
that might be at risk (although the initial database load took some time
(clock time, not people time).
Other suggestions on openness make perfect sense to me. No need to be
"secret" about anything unless we really have to.
--
Stew Benedict
New Tazewell, TN
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="004007.html">[Mageia-dev] Meeting for secteam start
</A></li>
<LI>Next message: <A HREF="004014.html">[Mageia-dev] Meeting for secteam start
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#4008">[ date ]</a>
<a href="thread.html#4008">[ thread ]</a>
<a href="subject.html#4008">[ subject ]</a>
<a href="author.html#4008">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>
|
