[Nagiosplug-devel] Libtap included in distribution
Jan Wagner
waja at cyconet.org
Fri Aug 22 15:56:15 CEST 2008
Hi there,
On Friday 27 June 2008 00:01, Ton Voon wrote:
> Based on a comment made by Thomas, I've added the libtap distribution
> into the nagios plugins project. This enables us to run C tests
> without a dependency on external code.
>
> It includes two changes to the libtap project from
> http://jc.ngo.org.uk/trac-bin/trac.cgi/wiki/LibTap including disabling
> LIBPTHREAD and asprintf from gnulib
> (http://jc.ngo.org.uk/trac-bin/trac.cgi/ticket/32 ).
>
> libtap will only get included if ./configure --enable-libtap is set.
> However, compiling will only take effect if a "make test" is run.
sorry, but I have to come up with some complaints about that idea. I'm
speaking as member of the Debian Nagios Maintainer Group. Do you really think
it's an good idea to embedd code copies of other projects?
Embedding other software forces you to keep track of (security-)issues of each
of these projects and to update your copies at least if there occure any
breakerage. The chance you are missing some of them is not less and if
upstream of the code copies fixed their code, it will take extra time until
you release a new version with the fixed code and even it will add extra work
to your project.
For Distribution/Packagers this will become a big problem as well. They have
to keep track for all versions of these "embedded code copies" and try to
backport the fixes to all (various) versions embedded in various software
packages. Maybe the Security Team, which is responsible for updating security
bugs, is not aware that software "Y" is shipped within software "Z", where
software "Y" has an security issue, so software "Z" is also vulnerable.
Even as long as you don't modify the upstream code, there is a chance to use
the embedded software from external sources (for example the version shipped
with the distribution and have the issue allready fixed). If you include your
own changes into these code copies, this isn't possible anymore and your
project is the single point to get this issue of your code copy fixed, which
is quite annoying for all sides.
Please think carefully about your idea to ship 3rd party software with yours,
hopefully you will reconsider your decision. The Debian Security and the
QA-Team did force removal of software with embedded code copies from the
distribution in the past, which is not what anybody whats for nagios-plugins,
I guess.
Thanks and with kind regards, Jan.
--
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://nagios-plugins.org/archive/devel/attachments/20080822/0938c645/attachment.sig>
More information about the Devel
mailing list