[Secure-testing-team] cdrkit: embedded copies of code from hfsutils in genisoimage
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Wed Feb 17 04:34:31 UTC 2010
Package: cdrkit
Severity: wishlist
cc'ing the secure testing team, as they're listed as maintaining the
list of embedded code copies https://wiki.debian.org/EmbeddedCodeCopies
A comparison of files in cdrkit-1.1.10:libhfs_iso/ and
hfsutils-3.2.6:libhfs/ suggest that they're derived from the same
source, albeit with a range of different modifications at this point.
if any of the common-ancestor code has problems, it will need to be
fixed in both places.
If it was possible to break out the code into a shared library, future
maintenance and security work would be improved.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100216/0608972c/attachment.pgp>
More information about the Secure-testing-team
mailing list