[webkit-dev] Proposal: bundled/vendored code belongs under ThirdParty/
Michael Catanzaro
mcatanzaro at redhat.com
Mon Oct 7 11:36:01 PDT 2024
Another benefit is we can only track security vulnerabilities in the
bundled libraries if we know that they exist. In Fedora, we declare
bundled libraries using RPM Provides, then Red Hat Product Security can
consider those provides when searching for affected packages. A human
(me) has to know and add the Provides.
I didn't know about simde until the build started failing earlier this
year.
I didn't know simdutf until:
https://blogs.gnome.org/chergert/2024/10/01/utf-8-validation-performance/
Probably there are more bundled libraries that I don't know about!
Michael
More information about the webkit-dev
mailing list