On Thu, 2015-09-10 at 21:01 +0200, Reindl Harald wrote:
>
> On 10.09.2015 at 20:37, Matthew Miller wrote:
> > On Thu, Sep 10, 2015 at 07:48:22PM +0200, Reindl Harald wrote:
> > > if i would want an operating system where i have no idea after
> > > security updates for a library if *all* applications are fixed i
> > > could just have gone to Apple OSX or stayed at Windows
> >
> > Unbundling is one approach to that problem. It doesn't mean that
> > it's the only one
>
> but the most important one
>
> if you have to wait for every single maintainer or even upstream
> until they recognize they are affected and need to rebuild likely
> the next vulnerability is already discovered

Or, you know, we build tools to deal with it. We're a software project,
that's what we do. We already have a convention for denoting that a
package has bundled code: see the bundling page - you add a
Provides: bundled(somelib). It's not as if it'd be impossible to build
some infrastructure to make the process of dealing with updates to
bundled libraries easier / more efficient.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net
http://www.happyassassin.net
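
Tooling of the kind the message alludes to can start from the `Provides: bundled(somelib)` convention it mentions. The following is an added example, not part of the original message and not Fedora's own infrastructure: it scans spec text for bundled provides and sorts packages by whether they need a rebuild after a library fix. The package names, versions, spec snippets and the simplified dotted-number version ordering are constructed assumptions.

```python
import re

# "bundled(name)" optionally followed by "= version" inside a Provides: value.
BUNDLED_RE = re.compile(r"bundled\(([^)]+)\)(?:\s*=\s*([^\s,]+))?")

def bundled_provides(spec_text):
    """Return {library: version-or-None} declared via Provides: bundled(...)."""
    found = {}
    for line in spec_text.splitlines():
        tag, _, value = line.partition(":")
        if tag.strip().lower() != "provides":   # also skips commented-out lines
            continue
        for name, version in BUNDLED_RE.findall(value):
            found[name.strip()] = version or None
    return found

def version_key(version):
    """Assumption: simplified ordering on numeric components, not full rpmvercmp."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

def affected_packages(specs, library, fixed_version):
    """Classify packages that bundle `library` against the first fixed version."""
    report = {"rebuild": [], "review": [], "ok": []}
    for package, spec_text in sorted(specs.items()):
        declared = bundled_provides(spec_text)
        if library not in declared:
            continue
        version = declared[library]
        if version is None:
            report["review"].append(package)    # unversioned: needs a human look
        elif version_key(version) < version_key(fixed_version):
            report["rebuild"].append(package)
        else:
            report["ok"].append(package)
    return report

# Constructed sample spec fragments (hypothetical packages, not real Fedora specs).
SAMPLE_SPECS = {
    "imgtool": "Name: imgtool\nVersion: 2.0\nProvides: bundled(somelib) = 1.4.2\n",
    "netd": "Name: netd\nProvides: bundled(somelib) = 1.5.0, bundled(otherlib) = 0.9\n",
    "oldapp": "Name: oldapp\nProvides: bundled(somelib)\n",
    "cleanpkg": "Name: cleanpkg\nRequires: somelib >= 1.5.0\n",
    "commented": "Name: commented\n# Provides: bundled(somelib) = 1.0\n",
}

if __name__ == "__main__":
    # Hypothetical advisory: somelib is fixed in 1.5.0.
    print(affected_packages(SAMPLE_SPECS, "somelib", "1.5.0"))
```

Packages that declare the bundled library without a version land in the `review` bucket, which is where an unversioned `Provides: bundled(somelib)` leaves a responder guessing.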