Paul Wise <[email protected]> wrote: > I still recommend removing the embedded copies of libpng (and pngsuite),
good idea. > asking your upstreams to also remove the embedded copies of libpng Of course we won't do that, since it doesn't make sense. Those source trees are set up to be switchable. They can be compiled standalone without any external headers except standard libc stuff, and are the statically linked, which makes perfect sense for them. By using commandline switches to the configure script, they can easily be switched to dynamic linking using the libraries on the system. Which we do in Debian. > and notifying the security team about the code copies. Why should we bother them? Regards, Frank -- Dr. Frank Küster VCD Miltenberg, ADFC Aschaffenburg-Miltenberg B90/Grüne KV Miltenberg Debian Developer (TeXLive) -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
