Debian packages should not use convenience libraries

Document that Debian packages should not use convenience copies of
libraries and instead link to the library that's already present in
Debian.  Thanks to Neil McGovern, Bill Allombert, Kurt Roeckx,
Steve Langasek, Colin Watson, and others for wording suggestions.
Closes #392362.

git-archimport-id: rra@debian.org--lenny/debian-policy--devel--3.7--patch-32

diff --git a/debian/changelog b/debian/changelog
index 21a9e5ead87d873d66a309d64771e5ef8f5a24ac..e0ce0b4953925ff317ce95b97875ba3727dc35f5 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -4,6 +4,9 @@ debian-policy (3.7.4.0) unstable; urgency=low
     Colin Watson                                             (Closes: #440420).
   * Bug fix: "support for wrapped Uploaders should now be mandatory"
                                                              (Closes: #431813).
+  * Bug fix: "[PROPOSAL] Add should not embed code from other packages",
+    thanks to Neil McGovern, Colin Watson, Bill Allombert, Steve Langasek,
+    Kurt Roeckx, and others                                  (Closes: #392362).
   * Bug fix: "Examples of dpkg frontends should mention apt now", thanks
     to Josh Triplett                                         (Closes: #455602).
   * Bug fix: "Minor typos and wording suggestions", thanks to Michael

diff --git a/policy.sgml b/policy.sgml
index 262db3cb406f1c1c4ad29083c3e3d4af90f52edd..a53af996df91466c027bc19e980f5d62a22f0eb9 100644 (file)
--- a/policy.sgml
+++ b/policy.sgml
@@ -2076,6 +2076,34 @@
          the file to the list in <file>debian/files</file>.</p>
       </sect>
 
+      <sect id="embeddedfiles">
+       <heading>Convenience copies of code</heading>
+
+       <p>
+         Some software packages include in their distribution convenience
+         copies of code from other software packages, generally so that
+         users compiling from source don't have to download multiple
+         packages.  Debian packages should not make use of these
+         convenience copies unless the included package is explicitly
+         intended to be used in this way.<footnote>
+           For example, parts of the GNU build system work like this.
+         </footnote>
+         If the included code is already in the Debian archive in the
+         form of a library, the Debian packaging should ensure that
+         binary packages reference the libraries already in Debian and
+         the convenience copy is not used.  If the included code is not
+         already in Debian, it should be packaged separately as a
+         prerequisite if possible.
+         <footnote>
+           Having multiple copies of the same code in Debian is
+           inefficient, often creates either static linking or shared
+           library conflicts, and, most importantly, increases the
+           difficulty of handling security vulnerabilities in the
+           duplicated code.
+         </footnote>
+       </p>
+      </sect>
+
     </chapt>
 
 

diff --git a/upgrading-checklist.html b/upgrading-checklist.html
index e3eedd2aab297d93f31ea292bd7eec2582bef952..d0afa353ff039d9d1eab7a730c01d1893f51bfda 100644 (file)
--- a/upgrading-checklist.html
+++ b/upgrading-checklist.html
@@ -54,6 +54,9 @@ picking your way through this list.
 
 <pre>
 3.7.4.0                        unreleased
+     * Debian packages should not use convience copies of code from other
+       packages unless the included package is explicitly intended to be
+       used that way.                                            [4.13]
      * The Uploaders field in debian/control may be wrapped.     [5.6.3]
      * Manual pages in locale-specific directories should use either the
        legacy encoding for that directory or UTF-8.  Country names should