Patch to remove zlib.
Jeremy Allison
jra at samba.org
Wed Jul 9 17:43:50 MDT 2014
On Thu, Jul 10, 2014 at 01:38:52AM +0200, Jelmer Vernooij wrote:
> On Wed, Jul 09, 2014 at 03:23:27PM -0700, Jeremy Allison wrote:
> > On Wed, Jul 09, 2014 at 09:50:36PM +0200, Volker Lendecke wrote:
> > > On Mon, Jul 07, 2014 at 12:46:47PM -0400, Ira Cooper wrote:
> > > > Note: To apply it unxz it then use git am --ignore-whitespace , otherwise
> > > > you may have issues. (xz was used to save the list a good bit of space...
> > > > it's over 500k gzipped.)
> > > >
> > > > As far as why: I listened to metze/vl. I disagree with them.
> > > >
> > > > I believe that third party (non Samba Team developed) libraries do not
> > > > belong in the tree. They are asking for trouble long term, IMHO.
> >
> > +1 on this. There have been security vulnerabilities in
> > zlib in the past, and we're not updating often enough
> > to make sure we're safe.
>
> We first imported zlib in 65c9e91a1bb24851a030a304d011558562cc50d6, which
> was in July 2008.
>
> The last zlib security release was in July 2005.
> http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html
Fair enough - facts beat opinions every time :-).
Thanks Jelmer !
Having said that having duplicate libraries in
the tree still makes me nervous :-).
Jeremy.
More information about the samba-technical
mailing list