* Stephen Quinney ([EMAIL PROTECTED]) [050509 17:20]:
> On Mon, May 09, 2005 at 04:45:44PM +0200, Martin Schulze wrote:
> > Christian Hammers wrote:
> > > I could package the whole libsnmp source code into the Quagga file, and
> > > simply compile it with --without-openssl and then link it statically
> > > or something similar brute force and ugly.
> >
> > FWIW: Please don't. This would mean creating a security-support nightmare.
> I know of at least one package that already does this. The
> gibraltar-bootsupport package includes the source for coreutils, curl,
> discover and expat. I have no idea how the security team are meant to
> be aware of this if/when a security hole is discovered in any of those
> 4 packages. IMO this sort of packaging should not be allowed in stable
> releases.

Agreed. We should IMHO make such a requirement to be part of etch's release policy.

Cheers,
Andi
--
   http://home.arcor.de/andreas-barth/
   PGP 1024/89FB5CE5  DC F1 85 6D A6 45 9C 0F  3B BE F1 D0 C5 D1 D9 0C