Re: Porting question related to modifying original source code

Reply: Chris : "Re: Porting question related to modifying original source code"
In reply to: Brad D : "Porting question related to modifying original source code"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Chris <portmaster_at_bsdforge.com>
Date: Wed, 10 Apr 2024 17:16:04 UTC

On 2024-04-10 07:08, Brad D wrote:
> I’m still pretty fresh to porting here and was given feedback about some 
> security
> and build concerns. I’ll be redoing my port and doing more testing (don’t 
> mind
> iterating and improving especially when my reviewer was very kind and 
> helpful).
> 
> Is it uncalled for replacing problematic embedded libraries with equivalent 
> ones
> in a port as a dependency if the library is in the repo and well maintained? 
> It’s
> also not an essential part of the original app. An example of it being done 
> if
> it’s a normal practice would be welcomed. Thanks
If I understand your question correctly;
Generally speaking, internal libraries (to the port) are acceptable,
especially as you seem to indicate, that they make the port more stable. As 
far
as security goes; if it's reasonably well maintained upstream with a decent
security history. It shouldn't be a problem. Firefox might be a good example 
here.
It has a number of internal libraries, and while there have been security 
issues
in the past. They have been met with in a reasonable time frame.

HTH
-- 
--Chris Hutchinson