[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Linking monotone with Debian's official sqlite shar
From: |
Alex Queiroz |
Subject: |
Re: [Monotone-devel] Linking monotone with Debian's official sqlite shared library |
Date: |
Tue, 26 Jul 2005 00:01:26 -0300 |
Hallo,
On 7/25/05, Nathaniel Smith <address@hidden> wrote:
> On Mon, Jul 25, 2005 at 10:12:55AM -0300, Alex Queiroz wrote:
> > These are very different libraries. The Lua libraries are almost
> > meant to be customised. Regarding SQLite, I agree it'd be better to
> > use the Debian libraries, to keep monotone automatically more
> > up-to-date and secure.
>
> -- "up-to-date" has no value here; users will not magically get more
> features because a utility library has been upgraded.
Surely they will, if SQLite starts using a new algorithm that's
100x faster without changing the ABI, an upgrade of the library is
going to get this improvement.
> -- "secure" is theoretically possible, but my imagination fails to
> come up with any way in which an sqlite bug could create a real
> security hole in monotone.
I know you are competent, but if you could think of every
possible attack scenario you'd be obscenely rich by now.
>
> Anyway, this discussion doesn't seem to be going much of anywhere; I
> think we've stated our reasons and will let that stand unless someone
> has something new to contribute...
>
Yes, it does seem that you will stand for your reasons,
regardless of what we may say.
-alex
http://www.ventonegro.org/