On Tue, Feb 3, 2026 at 6:29 AM Dmitry E. Oboukhov <[email protected]> wrote: > In the Debian Policy Manual [1], section 4.13 "Embedded code copies", > the use of convenience copies is disallowed: packages must not use > embedded copies of code from other packages, except when the included > package is explicitly intended for such use. If the code is already > in the archive as a library, the package must depend on it rather > than on a copy. If the code is not in Debian, it "should be packaged > separately as a prerequisite if possible". The rationale is that > duplication makes it harder to address vulnerabilities in the code.
This is an inaccurate summary of this section of Debian Policy. Debian Policy here uses the phrase "should not" which is not identical to "must not" and "disallowed". Please read Debian Policy § 1.1 [1], which defines "should" and related words as meaning best practices and recommendations, while "must" and related words describe requirements. There are many examples of embedded code copies in Debian. [1] https://www.debian.org/doc/debian-policy/ch-scope.html#scope Thank you, Jeremy Bícha
