[Bug 1595] Review request: tarsnap - Online encrypted backup service
(client)
RPM Fusion Bugzilla
noreply at rpmfusion.org
Sun Jan 9 06:01:17 CET 2011
http://bugzilla.rpmfusion.org/show_bug.cgi?id=1595
--- Comment #1 from Ricky Zhou <ricky at rzhou.org> 2011-01-09 06:01:16 ---
One note on this package - it contains a bundled libarchive (although note that
the author of tarsnap is one of the authors of libarchive).
The author gave the following justification for bundling:
01:56:41 < rzhou> I wonder if the patches to libarchive in tarsnap would be
accepted by upstream.
04:01:38 <@cperciva> rzhou: most of them already are upstream
04:01:55 <@cperciva> rzhou: the changes which are left are too esoteric to be
useful in libarchive
04:14:42 < rzhou> Ah :-/ I'm afraid that I might run into issues submitting
tarsnap to rpmfusion
because of the bundled library.
04:15:17 < rzhou> (They use Fedora's packaging guidelines, which doesn't allow
bundled libraries:
http://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries)
04:18:43 <@cperciva> rzhou: the reasons given there don't really apply in this
case
04:19:57 <@cperciva> rzhou: I'm one of the authors of libarchive; the lead
developer prefers to have
tarsnap bundle libarchive rather than pushing my changes
into libarchive; I'm
the FreeBSD security officer so I'll be very familiar with
any security issues
in libarchive; etc.
04:21:46 <@cperciva> rzhou: In general I think a no-bundled-libraries policy is
a very good one to
have -- but tarsnap and libarchive is quite distinctly a
special case
04:22:50 < rzhou> Hm. I guess I'll go ahead and submit it and see if it can
get an exemption. It
does seem like a shame that the code differences between
tarsnap's version and the
original are that tiny.
04:23:27 <@cperciva> rzhou: another reason actually is that tarsnap makes some
assumptions about
libarchive's behaviour beyond what's strictly guaranteed
by the libarchive APIs
04:24:02 <@cperciva> rzhou: so even if the tarsnap changes to libarchive were
pushed upstream,
tarsnap wouldn't be able to depend on an external
libarchive package safely
04:24:57 < rzhou> Ah, that would definitely be relevant to mention - mind if I
include a transcript
of this conversation in the package review?
04:25:15 <@cperciva> rzhou: go ahead
04:25:33 < rzhou> Cool, thanks for the explanation.
04:25:50 <@cperciva> rzhou: no problem, thanks for doing the work to package
tarsnap!
04:27:48 <@cperciva> rzhou: feel free to encourage the reviewers to contact me
directly if they need
to know anything else about how tarsnap works / why it
does what it does
--
Configure bugmail: http://bugzilla.rpmfusion.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
You are the assignee for the bug.
More information about the rpmfusion-developers
mailing list