[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-

From: Leo Famulari
Subject: [bug#33347] [PATCH 4/4] gnu: teeworlds: Update to 0.7.0 [fixes CVE-2018-18541].
Date: Wed, 14 Nov 2018 12:39:31 -0500
User-agent: Mutt/1.10.1 (2018-07-13)

On Wed, Nov 14, 2018 at 09:36:25PM +0800, Alex Vong wrote:
> Well, I though we have a policy to remove bundle dependencies in order
> to avoid building the same library many times. Do we make exceptions for
> shared libraries w/o a build system? (an exception I can think of is
> gnulib)

In general, yes, our policy is to unbundle things when practical.

But there are some commonly used software implementations of basic
functions (like base64, sha1 (most hash functions actually), et cetera)
that are specifically designed to be copied and pasted into the
application that will be using them.

You can usually tell this is the case because the thing will not have
any build system at all, like you suggest. Also because you find the
same copy-pasted code in almost every program you look at, like with
base64 and the hash functions.

> Besides, the FIXME comment seems to suggest future readers to help
> remove the bundled pnglite. Debian also removes the bundled pnglite in
> teeworlds[0].

Well, at a certain point it becomes a matter of taste, and the choice
should be made by the person doing the work — you! Either way is fine
for Guix :) The important thing is to get this Teeworlds fix pushed
without too much delay.

Attachment: signature.asc
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]