monotone-devel

Re: [Monotone-devel] nvm.asio


From: Markus Wanner
Subject: Re: [Monotone-devel] nvm.asio
Date: Tue, 27 Jan 2009 11:24:50 +0100
User-agent: Thunderbird 2.0.0.19 (X11/20090105)

Hi,

Matthew Nicholson wrote:
> From a packager's standpoint, using the system headers makes security
> bugs more explicit.  If the packager's build system knows that monotone
> has a build time dependency on a particular library (even if it is
> header only) and a security bug is found in that library, then the
> packager knows it needs to recompile that library.  If the library is
> bundled in monotone, that information is lost.

Thank you for this feedback from a packager's point of view.

However, contrary to what you seem to assume, recompiling the library does *not*
help with this kind of dependency. You need to recompile and repackage
monotone. In this regard, header-only dependencies are rather different
from library dependencies.

But, yeah, I take the point that packagers like the information that
monotone is "build time dependent" on boost. That would get lost if we
drop the dependency and incorporate the headers.

Regards

Markus Wanner




