| 1 |
> While I agree that it is certainly easier to keep the packages as |
| 2 |
> UPSTREAM bundles them, I'm not convinced that this is always a good |
| 3 |
> idea. If the effort is small, I'd rather patch the package to use the |
| 4 |
> standard libraries and send the patch upstream. Not only because it's |
| 5 |
> simply bad programming style but also because it's easier to handle |
| 6 |
> security this way. |
| 7 |
|
| 8 |
Best of luck with that ... but don't be surprised if UPSTREAM do not |
| 9 |
adopt these patches. It's not always bad programming style - it's often |
| 10 |
the only pragmatic thing to do. |
| 11 |
|
| 12 |
UPSTREAM bundle libraries because bitter experience (with poor ISP and |
| 13 |
shared hosting solutions) has taught the PHP community that if you need |
| 14 |
a third-party library and you don't bundle it, chances are that the |
| 15 |
third-party library won't be available. |
| 16 |
|
| 17 |
(The PHP and PEAR community also have to accept a lot of the blame for |
| 18 |
this state of affairs, by failing to provide an equivalent to CPAN from |
| 19 |
day one). |
| 20 |
|
| 21 |
Best regards, |
| 22 |
Stu |
| 23 |
|
| 24 |
-- |
| 25 |
gentoo-web-user@g.o mailing list |
Archives