De-vendoring Gnulib in Debian

Speaker: Simon Josefsson

Track: MiniDebConf Berlin 2024

Type: Short Talk

Room: c-base

Time: May 18 (Sat): 16:30

Duration: 0:20

I will describe a new way to maintain Debian packages whose upstream use gnulib. This avoids vendoring gnulib files which allows several advantages, including being able to security patch gnulib code in one package (the Debian gnulib package) and have that code trickle down to all packages using gnulib. Another advantage is reducing the amount of duplicated code that people have to audit to find concerns like the xz utils incident.