Daniel Kahn Gillmor
2010-Feb-17 04:34 UTC
[Secure-testing-team] cdrkit: embedded copies of code from hfsutils in genisoimage
Package: cdrkit Severity: wishlist cc''ing the secure testing team, as they''re listed as maintaining the list of embedded code copies https://wiki.debian.org/EmbeddedCodeCopies A comparison of files in cdrkit-1.1.10:libhfs_iso/ and hfsutils-3.2.6:libhfs/ suggest that they''re derived from the same source, albeit with a range of different modifications at this point. if any of the common-ancestor code has problems, it will need to be fixed in both places. If it was possible to break out the code into a shared library, future maintenance and security work would be improved. --dkg -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 891 bytes Desc: OpenPGP digital signature URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20100216/0608972c/attachment.pgp>