Hi, On Mon, 20 Apr 2015, Hilko Bengen wrote: > * Raphaël Hertzog: > > > But libhtp is already packaged separately. Embedded copy are best > > avoided and to me it looks like #777040 got fixed the wrong way. > > libhtp should be fixed to have a saner SONAME and/or it should > > generate a strict dependency through its shlibs/symbols files. > > Is it your goal to get this fixed in jessie before the release or can > this wait?
Well, no, given that the release managers acked the embedded copy in jessie... but in the long term it's wrong to keep it that way. > > Right now, it's doubly wrong because the embedded library is on a > > public path and would conflict with the libhtp update to the same > > upstream version... > > I suppose that we can get rid of this shared library file by linking the > (embedded copy) of libhtp statically into the suricata binary. Yes but that gets rid of the file conflict only, not of the embedded copy which is the real problem in term of security maintenance. Cheers, -- Raphaël Hertzog ◈ Debian Developer Support Debian LTS: http://www.freexian.com/services/debian-lts.html Learn to master Debian: http://debian-handbook.info/get/ -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
