From Fedora Project Wiki
(Import existing)
 
(Clarify javascript exception a bit)
Line 3: Line 3:
A package should not include or build against a local copy of a library that exists on a system. The package should be patched to use the system libraries. This prevents old bugs and security holes from living on after the core system libraries have been fixed.
A package should not include or build against a local copy of a library that exists on a system. The package should be patched to use the system libraries. This prevents old bugs and security holes from living on after the core system libraries have been fixed.


In this RPM packaging context, the definition of the term 'library' includes: compiled third party source code resulting in shared or static linkable files, interpreted third party source code such as Python, PHP and others. At this time JavaScript intended to be served to a web browser is specifically exempted from this but this will likely change in the future.  
In this RPM packaging context, the definition of the term 'library' includes: compiled third party source code resulting in shared or static linkable files, interpreted third party source code such as Python, PHP and others. At this time JavaScript intended to be served to a web browser on another computer is specifically exempted from this but this will likely change in the future.


Some packages may be granted an exception to this. Please see the [[Packaging:No Bundled Libraries|No Bundled Libraries]] page for rationale, the process for being granted an exception, and the requirements if your package is bundling.  
Some packages may be granted an exception to this. Please see the [[Packaging:No Bundled Libraries|No Bundled Libraries]] page for rationale, the process for being granted an exception, and the requirements if your package is bundling.  


For information on how to remove bundled libraries, see: [[Packaging:Treatment_Of_Bundled_Libraries|Treatment Of Bundled Libraries]].
For information on how to remove bundled libraries, see: [[Packaging:Treatment_Of_Bundled_Libraries|Treatment Of Bundled Libraries]].

Revision as of 16:41, 4 April 2012

Duplication of system libraries

A package should not include or build against a local copy of a library that exists on a system. The package should be patched to use the system libraries. This prevents old bugs and security holes from living on after the core system libraries have been fixed.

In this RPM packaging context, the definition of the term 'library' includes: compiled third party source code resulting in shared or static linkable files, interpreted third party source code such as Python, PHP and others. At this time JavaScript intended to be served to a web browser on another computer is specifically exempted from this but this will likely change in the future.

Some packages may be granted an exception to this. Please see the No Bundled Libraries page for rationale, the process for being granted an exception, and the requirements if your package is bundling.

For information on how to remove bundled libraries, see: Treatment Of Bundled Libraries.