Ticket #255 (closed: accepted)
Bundling exception request for nmap
|Reported by:||mhlavink||Owned by:||tibbs|
|Priority:||normal||Component:||Bundled Library Tracking|
nmap package post 6.01 version requires newer version of lua library than the one available in Fedora.
lua >= 5.2 is required
Lua 5.2 was released on 16 Dec 2011 http://www.lua.org/versions.html#5.2 yet Fedora still uses version 5.1.4 (latest 5.1.x release is Lua 5.1.5, released on 17 Feb 2012, a year ago).
I thought about filling a bugzilla request to update lua in Fedora, but I found there already was one: https://bugzilla.redhat.com/show_bug.cgi?id=815263
With no action, half a year later maintainer decided that it will probably be Feature for Fedora release, but there was still no action. Before Feature submission deadline I reminded that the deadline is close, but no action and no response.
As Lua maintainer does not seem to focus on Fedora's First goal and it will be another half a year (minimum) before Fedora gets updated Lua package, I'd like to use newer Lua to build up-to-date nmap releases.
Nmap upstream tarball already has a few required libraries including Lua, but I remove them from sources during %prep phase.
Answers to standard questions about bundling a library:
- no difference from upstream Lua 5.2 release
- N.A. - it's not a fork
- other packages could profit from newer version, there are useful changes, it's new upstream release with new features and bug fixes
- nmap upstream keeps the library updated
- nmap's upstream attitude towards bundling is "bundled library is not necessary, but we provide it, so you are able to build nmap in case you don't have it"
- security POV - this is newer version with more fixes than old 5.1.4 in Fedora
- comments from Fedora's maintainer - asked to update lua several times, no action during last year, he will probably update lua but who know when it will happen
- there is a plan to unbundle the library once the lua in Fedora meets build requirement
So, I'd like to ask for exception to use upstream provided Lua library until Lua in Fedora is updated to meet the requirements.