monotone-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Linking monotone with Debian's official sqlite shar

From: Alex Queiroz
Subject: Re: [Monotone-devel] Linking monotone with Debian's official sqlite shared library
Date: Tue, 26 Jul 2005 00:01:26 -0300 
Hallo,

On 7/25/05, Nathaniel Smith <address@hidden> wrote:
> On Mon, Jul 25, 2005 at 10:12:55AM -0300, Alex Queiroz wrote:
> >      These are very different libraries. The Lua libraries are almost
> > meant to be customised. Regarding SQLite, I agree it'd be better to
> > use the Debian libraries, to keep monotone automatically more
> > up-to-date and secure.
> 
>  -- "up-to-date" has no value here; users will not magically get more
>     features because a utility library has been upgraded.

     Surely they will, if SQLite starts using a new algorithm that's
100x faster without changing the ABI, an upgrade of the library is
going to get this improvement.

>  -- "secure" is theoretically possible, but my imagination fails to
>     come up with any way in which an sqlite bug could create a real
>     security hole in monotone.

     I know you are competent, but if you could think of every
possible attack scenario you'd be obscenely rich by now.

> 
> Anyway, this discussion doesn't seem to be going much of anywhere; I
> think we've stated our reasons and will let that stand unless someone
> has something new to contribute...
> 

     Yes, it does seem that you will stand for your reasons,
regardless of what we may say.

-alex
http://www.ventonegro.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]