Hi.
In case you weren't aware, some of our packages contain bundled external
libraries which are, in most cases, already packaged either in Fedora
or RPM Fusion. I'd like to enourage you to browse through your packages'
sources and check if your package isn't shipping something some external
library inside. If it is, please work with upstream to unbundle it.
I've started tracking such packages here:
http://rpmfusion.org/BundledLibraries
Feel free to update/improve this page. As you can see, some of the bundled
libraries are really ancient and I think it should be a priority for the
respective maintainers to work with upstreams on addressing this issue.
If the bundled libraries are patched then ask upstream to send their patches
to the developers of the bundled library or do it on your own if you can.
If they are unpatched, ask upstream to modify their build system to support
system-provided versions or do it on your own if you can.
If the bundled libraries are not packaged, please package them (or at least
put them on the wishlist for Fedora or RPM Fusion).
Make no mistake, this is important. AFAICS at least the bundled FFmpeg in
avidemux has several unpatched security issues.
Regards,
--
Fedora
http://fedoraproject.org/wiki/User:Rathann
RPMFusion
http://rpmfusion.org | MPlayer
http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"