[very much RFC][icedtea-web] fix for [Bug 564] NetX depends on sun.misc.BASE64Encoder
Omair Majid
omajid at redhat.com
Fri Oct 7 10:01:33 PDT 2011
On 10/07/2011 12:09 PM, Jiri Vanek wrote:
> Only drawback of copypasting this explicit code is that we lost possible
> updates from third party (where is it much more used then in icedtea-web)
Actually, I am against copying code into icedtea-web. Not only do we
lose the benefit from updates, if any security issues are discovered in
the code (not that sun.misc.BASE64Encoder is likely to have many), we
will have to update the code in icedtea-web as well. To be safe, that
would mean that we look every security update for openjdk and double
check that the code we copied into icedtea-web is not affected by the fix.
I think
https://fedoraproject.org/wiki/Packaging:No_Bundled_Libraries#Why_no_Bundled_Libraries
gives many more reasons why copying code ("bundling") into icedtea-web
may be a bad idea.
Still, if others think it is fine to copy a small (and rather safe)
piece of code into icedtea-web, then please don't let me stop you.
Cheers,
Omair
More information about the distro-pkg-dev
mailing list