Hi Michael, On Tue, Mar 1, 2016 at 4:52 PM, Michael Biebl <mbi...@gmail.com> wrote: > Hi everyone, > > I just noticed that the new tracker 1.6.2 contains a code copy of > sqlite and no longer allows one to use the system sqlite library. > This is problematic for various reasons and distros like Debian [1] > and Fedora strongly discourage such code copies. > > Would it be possible to re-add the ability to link against the system > sqlite and only fall back to the embedded copy if the system library > doesn't meet the requirements of tracker (and output a big fat warning > in this case)?
Not sure if you missed the action caused by sqlite 3.11. From that version on, they've hidden by default a sql function that's indispensable for us. https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7036 Tracker itself is not hit by this cve, but we've evidently become colateral damage since this is removed by default. The embedded copy solution has only been done on current stable releases (1.4 and 1.6). It's not one I'm too happy with. But it's surely better than requiring -DSQLITE_ENABLE_FTS3_TOKENIZER system-wide (partly why I just went for always using the embedded copy, this is something distros don't want enabled). For master (and upcoming 1.8), I've opted for using FTS5 (which doesn't have this problem), and still rely on the system sqlite library. I understand and share your concerns, but this is kind of a rough spot we're on :). Cheers, Carlos _______________________________________________ tracker-list mailing list tracker-list@gnome.org https://mail.gnome.org/mailman/listinfo/tracker-list