* Jonas Smedegaard (d...@jones.dk) wrote: > Quoting Eric Dorland (2015-05-19 21:44:50) > > What's the current thinking on embedded libraries in source code? One > > of my packages has an embedded (and slightly modified) version of > > libevent that it links statically. It doesn't seem like Built-Using is > > the right thing to use in this situation since it's not embedding > > another package. However it seems like a good idea to make this > > information visible somehow, for example to help the security-team > > find vulnerable embedded versions of software. > > I believe this is what you seek: > > https://wiki.debian.org/EmbeddedCodeCopies
Excellent, thanks! Seems unfortunate that this metadata can't be maintained in the package rather than in this hand curated list. Perhaps a debian/source/embeds file? -- Eric Dorland <e...@kuroneko.ca> 43CF 1228 F726 FD5B 474C E962 C256 FBD5 0022 1E93
signature.asc
Description: Digital signature
