Removal of zlib, take 2.

ronnie sahlberg ronniesahlberg at gmail.com
Wed Jul 16 16:58:15 MDT 2014


On Wed, Jul 16, 2014 at 1:17 PM, Jeremy Allison <jra at samba.org> wrote:
> On Wed, Jul 16, 2014 at 10:09:46PM +0200, Volker Lendecke wrote:
>> On Wed, Jul 16, 2014 at 09:10:15AM -0700, Jeremy Allison wrote:
>> >
>> > The WHY is completely obvious. We DO NOT MAINTAIN THESE LIBRARIES.
>> > They are upstream, and we need to treat them that way. Pulling in
>> > and shipping cruft we don't update and don't maintain has to stop.
>>
>> That's true. But we are mixing in a dependency on those
>> libraries into completely unrelated components. THAT has to
>> stop first. THEN we can talk about removing the internal
>> copy.
>
> Sure - I completely agree with that. Lessening dependencies,
> then removing libraries that are maintained upstream of us
> is the only sane way to keep Samba maintainable and secure
> IMHO.

+1

If no one is maintaining the zlib fork or keeping it in sync with
upstream then it should go asap.
Looks like the zlib fork was originally released almost to the day 9
years ago and based on the upstream changelog it does look like there
are several changes and fixes that look really important.

Forking and then abandoning the fork is like juggling hand grenades.
Sooner or later you will miss backporting a really important security
fix and then you have to feel bad for letting the users down.


More information about the samba-technical mailing list