On 02/13/2015 08:20 PM, Florian Weimer wrote:
I have some people express the notation that they can always switch to
the system library version in case a security vulnerability comes out,
but I doubt that this works in practice (because then there wouldn't
be a reason for bundling).
It sometimes works. Typically in cases when upstreams bundle a library,
as conditional fallback or build-time option
- to cater cases an OS doesn't provide a library.
- because they believe to need a version "greater than the version the
OS provides (This is sometimes true, but sometimes also isn't)
- as convenience to occasional builders/installers, who doen't care
about system integration.
These cases aren't actually uncommon, but in most cases the reasons for
bundling are elsewhere:
- Dead upstreams
- Non-cooperational upstreams
- "Don't care" about system-integration.
- Lack of experience/naive upstream
...
Ralf
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
