Review of kdev-python for move to extragear

Sune Vuorela nospam at vuorela.dk
Wed Dec 26 16:59:01 GMT 2012


On 2012-12-25, Sven Brauch <svenbrauch at googlemail.com> wrote:
> Also, I'm still not sure what exactly concerns you about security and
> maintenance. Problems I see include increased build time, and
> maintenance efforts for me personally in updating the fork, but none
> really seem fatal. Can you elaborate a bit about which problems you

One of the problems are that in a distribution like debian and/or 
ubuntu has around 60-70 patches against python2.7 to ensure it builds 
and works everywhere.
All these patches might also be needed the extra copy - and given the
extra copy is modified, then these patches might need to be adapted.

Another of the problems is that if there is a security bug in libpython,
then instead of just doing a security fix to python, one also needs to
do one to kdev-python.

The first problem is large amount of work for the distribution
packagers, and the second problem is quite annoying for distribution
security teams.

All of this applies to every embedded library. And python is a quite big
thing.

/Sune





More information about the kde-core-devel mailing list