[Pkg-nagios-devel] [Nagiosplug-devel] Libtap included in distribution

Jan Wagner waja at cyconet.org
Fri Aug 22 13:56:15 UTC 2008


Hi there,

On Friday 27 June 2008 00:01, Ton Voon wrote:
> Based on a comment made by Thomas, I've added the libtap distribution
> into the nagios plugins project. This enables us to run C tests
> without a dependency on external code.
>
> It includes two changes to the libtap project from
> http://jc.ngo.org.uk/trac-bin/trac.cgi/wiki/LibTap including disabling
> LIBPTHREAD and asprintf from gnulib
> (http://jc.ngo.org.uk/trac-bin/trac.cgi/ticket/32 ).
>
> libtap will only get included if ./configure --enable-libtap is set.
> However, compiling will only take effect if a "make test" is run.

sorry, but I have to come up with some complaints about that idea. I'm 
speaking as member of the Debian Nagios Maintainer Group. Do you really think 
it's an good idea to embedd code copies of other projects?

Embedding other software forces you to keep track of (security-)issues of each 
of these projects and to update your copies at least if there occure any 
breakerage. The chance you are missing some of them is not less and if 
upstream of the code copies fixed their code, it will take extra time until 
you release a new version with the fixed code and even it will add extra work 
to your project.

For Distribution/Packagers this will become a big problem as well. They have 
to keep track for all versions of these "embedded code copies" and try to 
backport the fixes to all (various) versions embedded in various software 
packages. Maybe the Security Team, which is responsible for updating security 
bugs, is not aware that software "Y" is shipped within software "Z", where 
software "Y" has an security issue, so software "Z" is also vulnerable.

Even as long as you don't modify the upstream code, there is a chance to use 
the embedded software from external sources (for example the version shipped 
with the distribution and have the issue allready fixed). If you include your 
own changes into these code copies, this isn't possible anymore and your 
project is the single point to get this issue of your code copy fixed, which 
is quite annoying for all sides.

Please think carefully about your idea to ship 3rd party software with yours, 
hopefully you will reconsider your decision. The Debian Security and the 
QA-Team did force removal of software with embedded code copies from the 
distribution in the past, which is not what anybody whats for nagios-plugins, 
I guess.

Thanks and with kind regards, Jan.
-- 
Never write mail to <waja at spamfalle.info>, you have been warned!
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d-- s+: a- C+++ UL++++ P+ L+++ E- W+++ N+++ o++ K++ w--- O M V- PS PE
Y++ PGP++ t-- 5 X R tv- b+ DI- D++ G++ e++ h-- r+++ y+++
------END GEEK CODE BLOCK------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20080822/0938c645/attachment.pgp 


More information about the Pkg-nagios-devel mailing list