caml-list - the Caml user's mailing list
From: "François Bobot" <francois.bobot@cea.fr>
To: caml-list@inria.fr
Subject: Re: [Caml-list] (dune/opam) Proper way of vendoring a library inside an application?
Date: Mon, 2 Mar 2020 10:33:02 +0100
Message-ID: <0b4352c4-91b6-a5ce-41ed-e5388e569754@cea.fr>
In-Reply-To: <7277977a-213a-1c3d-ec70-214e2d248350@inria.fr>

On 29/02/2020 at 12:20, François Pottier wrote:
> I don't see how it could cause any packaging problem; it should
> be transparent. The copy of Fix embedded inside Menhir is used
> when Menhir is installed and is immediately thrown away.
> 

Even if it is perhaps not applicable to Fix, which is a small library without attack surface:
generally, if there is a security bug in Fix, distributions don't want to have to patch it in all the
packages which vendor Fix. Patching Fix once is simpler, more efficient and safer.

But for a distribution, removing this vendor directory just means removing it; no other modifications
are needed, and dune will then use the installed dependency. Package creators could look at
`(vendored_dirs vendor)` to find those directories. Of course the version can be different from the
last version of Fix. But choosing a common version is usually the hurdle of packagers (whom we
should strive not to burden more!).

Best,

-- 
François
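
A packager-side check for the `(vendored_dirs vendor)` lookup mentioned in the message above, as an added example that is not part of the original email or of dune itself. It assumes stanza arguments are plain directory names or simple globs (approximated with Python's `fnmatch`); stanzas using set-language atoms (`:standard`, `\`) are reported for manual review, and `audit`, `build_sample` and the sample tree are constructed for illustration.

```python
import fnmatch
import os
import re
import tempfile

STANZA = re.compile(r"\(\s*vendored_dirs\s+([^()]*)\)")  # flat stanza, no nested s-expressions
COMMENT = re.compile(r";[^\n]*")                          # dune line comments

def audit(root):
    """Return (vendored, unresolved): vendored directories relative to root, and
    dune files whose stanza uses set operators this sketch does not evaluate."""
    vendored, unresolved = set(), set()
    for dirpath, dirnames, filenames in os.walk(root):
        if "dune" not in filenames:
            continue
        dune_file = os.path.join(dirpath, "dune")
        with open(dune_file, encoding="utf-8") as fh:
            text = COMMENT.sub("", fh.read())
        for stanza in STANZA.finditer(text):
            atoms = stanza.group(1).split()
            if any(a.startswith(":") or a == "\\" for a in atoms):
                unresolved.add(os.path.relpath(dune_file, root))
                continue
            for sub in dirnames:  # only direct sub-directories of the dune file
                if any(fnmatch.fnmatchcase(sub, a) for a in atoms):
                    vendored.add(os.path.relpath(os.path.join(dirpath, sub), root))
    return sorted(vendored), sorted(unresolved)

def build_sample(root):
    """Constructed sample tree: an application that vendors a copy of a library."""
    for d in ("src", "vendor/fix", "tools/third_party/a", "tools/bin"):
        os.makedirs(os.path.join(root, d))
    files = {
        "dune": "; top-level dune file\n(vendored_dirs vendor)\n",
        "tools/dune": "(vendored_dirs third_*)\n",
        "src/dune": "(executable (name main) (libraries fix))\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        dirs, todo = audit(tmp)
        print("vendored:", dirs)
        print("needs manual review:", todo)
```

Each directory reported is a bundled copy that has to be tracked for security fixes separately, or removed so that dune uses the installed dependency.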
