[Digikam-users] digiKam 0.9.4-rc1 release
Gilles Caulier
caulier.gilles at gmail.com
Wed Jun 18 19:25:36 BST 2008
2008/6/18 Treeve Jelbert <treeve at scarlet.be>:
> while I welcome a new digikam release, I think that integrating sqlite3 is a
> backward step. If a security fix is made to sqlite3, digikam will not benefit
> from it until it is re-released.
>
> Is it possible to disable the embedded version when building digikam from
> source?
>
> As a general rule products should not embed other libraries, as it bloats the
> source code and introduces insecurity, as well as making more work for
> developers.
And this is not the case. For ex, look in Qt for example libpng is
included like qslite3... and this not make a problem.
We don't have any way to control fine witch sqlite3 version used to
compile digiKam. We want a suitable program. This is the only solution
found.
Also, digiKam do not provide a new sqlite3 program. We compile it with
the source code of shared libs. that all.
The source code of sqlite is the same that the official package. if a
security issue is found, we can just update source code and _validate_
the version included.
For KDE4, another way is done : we use QT4::SQLite plugin... which is
also compiled with a dedicated libsqlite version embeded in the
library...
Note : Amarok also include libsqlite3 source code...
Best
Gilles Caulier
More information about the Digikam-users
mailing list