On Sun, Jun 21, 2015 at 04:38:24PM +0200, Emmanuel Bourg wrote:

Hi Emmanuel,

> It looks like the embedded dependencies are also relocated under the
> org.jruby namespace. Removing them could lead to incompatibilities with
> applications importing them.

That's right, I don't intend to diverge from upstream on this,
especially since this is a complex package. Although, this is a bug
that should be documented until it is fixed (at upstream, but I see it
as unlikely anyway).

> I'd rather document the inclusion with a Built-Using field rather than
> diverging from upstream.

Thanks for the pointer. I don't maintain any package using this field,
so I have to read up on it first.

Question: let's say jruby embeds a copy of libasm4-java and we
document this with Built-Using: libasm4-java (= 5.0.4-1) but in the
future, a security vulnerability is reported and fixed in
libasm4-java 5.0.4-2.

Is jruby going to FTBFS in sid when libasm4-java or any of the
embedded libraries gets updated and the version used last time
is not available anymore?

Cheers,

-- 
Miguel Landaeta, nomadium at debian.org
secure email with PGP 0x6E608B637D8967E9 available at http://miguel.cc/key.
"Faith means not wanting to know what is true." -- Nietzsche

Attachment: signature.asc
Description: Digital signature
