Date:      Wed, 10 Apr 2024 10:16:04 -0700
From:      Chris <portmaster@bsdforge.com>
To:        Brad D <social@brandongrows.me>
Cc:        freebsd-ports@freebsd.org
Subject:   Re: Porting question related to modifying original source code
Message-ID:  <e03d556197539426277939d35cf31d70@bsdforge.com>
In-Reply-To: <G3MGKPX6uvf9iwx3iaUZk50CdjmrS0fCCkf5kCueGEvPnj9e5998JEmfNdkZsdGR37Cn5fZzFfiG6AjZ_Cu9Hw_j4H3cgfjkkPSjnidzR7s=@brandongrows.me>
References:  <G3MGKPX6uvf9iwx3iaUZk50CdjmrS0fCCkf5kCueGEvPnj9e5998JEmfNdkZsdGR37Cn5fZzFfiG6AjZ_Cu9Hw_j4H3cgfjkkPSjnidzR7s=@brandongrows.me>

On 2024-04-10 07:08, Brad D wrote:
> I’m still pretty fresh to porting here and was given feedback about some
> security and build concerns. I’ll be redoing my port and doing more testing
> (don’t mind iterating and improving especially when my reviewer was very
> kind and helpful).
>
> Is it uncalled for replacing problematic embedded libraries with equivalent
> ones in a port as a dependency if the library is in the repo and well
> maintained? It’s also not an essential part of the original app. An example
> of it being done if it’s a normal practice would be welcomed. Thanks

If I understand your question correctly:
Generally speaking, internal libraries (to the port) are acceptable,
especially, as you seem to indicate, that they make the port more stable.
As far as security goes, if it's reasonably well maintained upstream with a
decent security history, it shouldn't be a problem. Firefox might be a good
example here. It has a number of internal libraries, and while there have
been security issues in the past, they have been met with in a reasonable
time frame.

HTH
-- 
--Chris Hutchinson
