Packages shipping external libraries in their source tarballs

Dominik 'Rathann' Mierzejewski dominik at greysector.net
Mon Mar 23 00:37:20 CET 2009


Hi.

In case you weren't aware, some of our packages contain bundled external
libraries which are, in most cases, already packaged either in Fedora
or RPM Fusion. I'd like to encourage you to browse through your packages'
sources and check whether your package is shipping some external
library inside. If it is, please work with upstream to unbundle it.

I've started tracking such packages here:
http://rpmfusion.org/BundledLibraries
Feel free to update/improve this page. As you can see, some of the bundled
libraries are really ancient and I think it should be a priority for the
respective maintainers to work with upstreams on addressing this issue.

If the bundled libraries are patched then ask upstream to send their patches
to the developers of the bundled library or do it on your own if you can.
If they are unpatched, ask upstream to modify their build system to support
system-provided versions or do it on your own if you can.

If the bundled libraries are not packaged, please package them (or at least
put them on the wishlist for Fedora or RPM Fusion).

Make no mistake, this is important. AFAICS at least the bundled FFmpeg in
avidemux has several unpatched security issues.

Regards,

-- 
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
        -- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
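The "browse through your packages' sources" step above is tedious to do by hand across many tarballs. The following POSIX shell script is an added example (not part of the original post, and not an RPM Fusion tool): it scans an unpacked source tree for marker files that only certain well-known libraries ship (zlib.h, png.h, libavcodec/avcodec.h, and so on) and, where the header carries its own version #define, reports the bundled version so you can see how ancient the copy is. The marker table and the sample tree it builds for the stand-alone run are constructed assumptions; extend the table with whatever your packages tend to bundle.

```shell
#!/bin/sh
# Added example, not from the original post: heuristically flag bundled
# copies of common external libraries inside an unpacked source tree.
set -u

# Print "<library> <relative path> <version|unknown>" for each bundled copy
# found under the directory given as $1.
find_bundled_libs() {
    tree=$1
    # Constructed marker table: "library:file that only that library's own
    # sources ship". A path component (libavcodec/) tightens the match.
    for entry in \
        "zlib:zlib.h" \
        "libpng:png.h" \
        "ffmpeg:libavcodec/avcodec.h" \
        "expat:expat.h" \
        "sqlite:sqlite3.c" \
        "lua:lua.h"
    do
        lib=${entry%%:*}
        marker=${entry#*:}
        base=${marker##*/}
        find "$tree" -type f -name "$base" 2>/dev/null | while IFS= read -r f; do
            # Require the full marker path (directory component included).
            case "$f" in
                */"$marker") ;;
                *) continue ;;
            esac
            ver=$(bundled_version "$lib" "$f")
            printf '%s %s %s\n' "$lib" "${f#"$tree"/}" "${ver:-unknown}"
        done
    done
}

# Best-effort version string read from the marker file's own #define lines
# (these three libraries carry one; the others just report "unknown").
bundled_version() {
    case "$1" in
        zlib)   sed -n 's/^#define ZLIB_VERSION "\([^"]*\)".*/\1/p' "$2" ;;
        libpng) sed -n 's/^#define PNG_LIBPNG_VER_STRING "\([^"]*\)".*/\1/p' "$2" ;;
        sqlite) sed -n 's/^#define SQLITE_VERSION  *"\([^"]*\)".*/\1/p' "$2" ;;
        *)      : ;;
    esac
}

# Constructed sample tree (not a real package): a zlib 1.2.3 copy under
# third_party/ and an FFmpeg checkout, next to the project's own sources.
# Prints the temporary directory it created.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/third_party/zlib" "$d/ffmpeg/libavcodec" "$d/src"
    printf '#define ZLIB_VERSION "1.2.3"\n' > "$d/third_party/zlib/zlib.h"
    printf '/* libavcodec public API */\n' > "$d/ffmpeg/libavcodec/avcodec.h"
    printf 'int main(void) { return 0; }\n' > "$d/src/main.c"
    printf '%s\n' "$d"
}

# Usage: sh bundled-libs.sh /path/to/unpacked/source
# With no argument, scan the constructed sample tree instead.
if [ $# -gt 0 ]; then
    find_bundled_libs "$1"
else
    sample=$(make_sample_tree)
    find_bundled_libs "$sample"
    rm -rf "$sample"
fi
```

On the sample tree this prints `zlib third_party/zlib/zlib.h 1.2.3` and `ffmpeg ffmpeg/libavcodec/avcodec.h unknown`, and nothing for the project's own src/. It is a heuristic: a hit means "go look", not proof of bundling, and a library that ships no distinctive header (or was renamed by upstream) will be missed, so the table needs maintaining as you find new cases. Once a copy is confirmed, compare the reported version with the distribution package (for example `rpm -q zlib`) to judge how far behind the bundled copy is before you take the unbundling request to upstream.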

