[Mageia-dev] Java-Policy first draft published
thierry.vignaud at gmail.com
Fri Jan 21 10:06:21 CET 2011
On 21 January 2011 00:01, nicolas vigier <boklm at mars-attacks.org> wrote:
>> Shipping binary jars given by upstream tarball causes trouble because you
>> 1) cannot patch them in case of bug
>> 2) cannot see how and what was compiled
>> That's not very free software friendly, and I think we should refuse
> I've already seen while trying to package java apps, a jar being shipped,
> but sources not available anywhere on the internet, except after
> searching for a few hours on an old website on archive.org with broken
> link to the sources zip, and developers not aware of the issue, because
> they never tried to find the sources, and always used this binary .jar
> they found on a random web site.
And they never thought about security...