[Vm-dev] Squeak removed from Gentoo Linux

John M McIntosh johnmci at smalltalkconsulting.com
Thu May 27 20:19:16 UTC 2010


In my reading of this the issue is that these three libraries are used by the jpeg, gsm (sound), and RE plugins 
Instead of dynamically linking to the platform libraries we are  compiled from older source which has security issues. 

jpeg 
libgsm
pcre


libmpeg3   This is not supported I would say you ditch it from the distribution. 


I would think then to comply you need a version of VMMaker and support files that dynamically link in the three libraries versus compiling our private copy of the source code. 

On 2010-05-27, at 1:05 PM, Geoffroy Couprie wrote:

> 
> On Thu, May 27, 2010 at 7:37 PM, Bert Freudenberg <bert at freudenbergs.de> wrote:
>> 
>> Squeak was recently removed from Gentoo Linux Ebuilds because of security issues in our bundled plugins:
>> 
>>        http://bugs.gentoo.org/show_bug.cgi?id=247363
>> 
>> While it is convenient for us to bundle external library sources, package maintainers do not like that practice. Is there anything we can realistically do about it?
>> 
> 
> They have a point there. Statically linked libraries are not really a
> problem for Windows and Mac, but you should expect similar reactions
> from other distributions in the future if it is not fixed.

--
===========================================================================
John M. McIntosh <johnmci at smalltalkconsulting.com>   Twitter:  squeaker68882
Corporate Smalltalk Consulting Ltd.  http://www.smalltalkconsulting.com
===========================================================================




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2445 bytes
Desc: not available
Url : http://lists.squeakfoundation.org/pipermail/vm-dev/attachments/20100527/375821c7/smime.bin


More information about the Vm-dev mailing list