[Secure-testing-team] Embedded copies of gnulib
Joachim Reichel
joachim.reichel at gmx.de
Sun Oct 26 10:43:43 UTC 2014
Hi,
during a package review for the NM process I noticed a few packages embedding a
copy of gnulib (or parts thereof), but no mentioning at
https://anonscm.debian.org/viewvc/secure-testing/data/embedded-code-copies?view=co
I don't know of a good way to detect gnulib since apparently many projects just
embed parts of its. Searching for a top-level "gl" directory gives:
$ grep ^gl/ Contents-source | sed 's/.*\t//;s/,/\n/g' | sort -u
calligra-l10n
cssc
dc3dd
djmount
frontaccounting
gengetopt
gfsview
gnupg2
gnutls26
gnutls28
gsasl
gss
jwhois
kde-l10n
libdap
libforms
libidn
libidn2-0
libksba
libntlm
libtasn1-6
libykneomgr
monitoring-plugins
oath-toolkit
openoffice.org-dictionaries
paperkey
pspp
shishi
source-highlight
calligra-l10n, dc3dd, kde-l10n, and openoffice.org-dictionaries are false positives.
gss and oath-toolkit can probably be ignored (essentially an "empty" copy of gnulib)
Note that there is no shared or static library package of gnulib, it is intended
to be distributed at the source code level.
Joachim
P.S.: Please CC: me on my replies.
More information about the Secure-testing-team
mailing list