Date: Thu, 11 Apr 2024 00:30:31 -0700 From: Chris <portmaster@bsdforge.com> To: Brad D <social@brandongrows.me> Cc: freebsd-ports@freebsd.org Subject: Re: Porting question related to modifying original source code Message-ID: <524ecefacf36399cfae91ee02a925212@bsdforge.com> In-Reply-To: <e03d556197539426277939d35cf31d70@bsdforge.com> References: <G3MGKPX6uvf9iwx3iaUZk50CdjmrS0fCCkf5kCueGEvPnj9e5998JEmfNdkZsdGR37Cn5fZzFfiG6AjZ_Cu9Hw_j4H3cgfjkkPSjnidzR7s=@brandongrows.me> <e03d556197539426277939d35cf31d70@bsdforge.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2024-04-10 10:16, Chris wrote: > On 2024-04-10 07:08, Brad D wrote: >> I’m still pretty fresh to porting here and was given feedback about some >> security >> and build concerns. I’ll be redoing my port and doing more testing (don’t >> mind >> iterating and improving especially when my reviewer was very kind and >> helpful). >> >> Is it uncalled for replacing problematic embedded libraries with equivalent >> ones >> in a port as a dependency if the library is in the repo and well >> maintained? It’s >> also not an essential part of the original app. An example of it being done >> if >> it’s a normal practice would be welcomed. Thanks > If I understand your question correctly; > Generally speaking, internal libraries (to the port) are acceptable, > especially as you seem to indicate, that they make the port more stable. As > far > as security goes; if it's reasonably well maintained upstream with a decent > security history. It shouldn't be a problem. Firefox might be a good example > here. > It has a number of internal libraries, and while there have been security > issues > in the past. They have been met with in a reasonable time frame. > > HTH OK it seems I misinterpreted the question. The answer Gleb provided was (of course) the correct answer. Sorry for the misunderstanding. -- --Chris Hutchinson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?524ecefacf36399cfae91ee02a925212>