https://bugzilla.redhat.com/show_bug.cgi?id=820488 --- Comment #17 from Stephen Gallagher <sgallagh@xxxxxxxxxx> --- (In reply to comment #16) > I understood that creating a subpackage for libxradius was not correct > because it was not connected to any "upstream" project, hence the need to > package libradius which was somehow trackable to something. > Well, the best-case scenario here is to contribute the changes you're making to split the library into a shared object back to upstream. Right now, we're effectively maintaining a fork (albeit one with little risk), but you certainly want upstream to take this on as well. > If that's ok I'll be more than happy to separate the bundled libradius and > maybe the patches to remove libmd and use nss/nspr can be re-used as well. > I think it's fine to take this approach. Let me know if you need help converting the mod_auth_xradius sources to use NSS for crypto (like I did for libradius in the other BZ). The forbidding of bundling is there so that we don't have to patch many packages to fix a bug/vulnerability in multiple places when it's discovered. We just patch the sources that produce the library and any consumer of it gets fixed freely, without having to make an update of their own. > I will try monday morning when I'll get back to the office. > -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review