musescore 2.0.3+dfsg-1
Jonas Smedegaard
dr at jones.dk
Thu Jul 14 16:59:08 UTC 2016
[replying only to list, as per mailing list policy]
Quoting Peter Jonas (2016-07-14 18:18:56)
> As Tiago said the policy is a guideline,
Agreed. But a strong recommendation: For starters, each inclusion of an
embedded code copy is a burden on the security team!
> but I don't believe it applies here anyway. The policy defines
> convenience copies as dependencies included "so that users compiling
> from source don't have to download multiple packages". It goes on to
> say that the policy does not apply when "the included package is
> explicitly intended to be used in this way."
>
> Freetype is not included for convenience. It is
> included because MuseScore's code has been tailored towards a specific
> version of Freetype and other versions of Freetype have been known to
> cause problems in the past.
I believe it does apply here: What Policy mentions as reason for not
avoiding embedded code copies is if the _library_ is intended to be used
that way - not if the consuming project intended to do so (arguably it
is always intentional).
Freetype has had quite a few bugs in the past, but fixating to a "known
working release" is *not* the solution, as that only hides the problems
- something we explicitly promise not to do in Debian.
- Jonas
--
* Jonas Smedegaard - idealist & Internet-arkitekt
* Tlf.: +45 40843136 Website: http://dr.jones.dk/
[x] quote me freely [ ] ask before reusing [ ] keep private