Create and install dependency manifests #230
A common problem when embedding sources is that you can't tell for any given executable what libraries it has. It might have an insecure version of OpenSSL, for example. This MR adds a dependency manifest, which lists each internally used dependency and its version. With this information it is easy to find executables that have unsafe dependencies and prevent them from running.
The format of the file is not final, more of a suggestion to get the ball rolling.
For distro packaging we wouldn't. That's why they are not installed by default.
This is for xdg-app applications and the like that embed their dependencies. This allows a distro security system to inspect the dependencies against a blacklist and block the app from running if it has vulnerable parts.
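One way the distro-side check described in this thread could work, as an added example that is not code from this merge request. The manifest format (a JSON object mapping dependency name to version), the blocklist layout and every function name are assumptions, since the thread says the file format is not final.

```python
import json
import re

# Constructed blocklist (assumed layout): dependency name -> first fixed version.
BLOCKLIST = {"openssl": "1.0.1g", "zlib": "1.2.9"}

# Constructed sample manifest in the assumed JSON format.
SAMPLE = '{"openssl": "1.0.1f", "zlib": "1.2.11", "libpng": "1.6.34"}'


def version_key(version):
    """Split '1.0.1f' into comparable tokens; numeric tokens sort before letters."""
    tokens = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((0, int(t)) if t.isdigit() else (1, t) for t in tokens)


def check_manifest(text, blocklist=BLOCKLIST):
    """Return (allowed, findings) for one manifest supplied as a JSON string."""
    try:
        deps = json.loads(text)
        if not isinstance(deps, dict):
            raise ValueError("manifest is not a JSON object")
    except ValueError as exc:
        # Policy choice in this example: fail closed, because an unreadable
        # manifest cannot be vetted against the blocklist.
        return False, [f"unreadable manifest: {exc}"]

    findings = []
    for name, version in sorted(deps.items()):
        fixed = blocklist.get(name.lower())
        if fixed is None:
            continue  # dependency is not on the blocklist
        if not isinstance(version, str) or not version_key(version):
            findings.append(f"{name}: unparseable version {version!r}")
        elif version_key(version) < version_key(fixed):
            findings.append(f"{name} {version} is older than fixed release {fixed}")
    return not findings, findings


if __name__ == "__main__":
    allowed, findings = check_manifest(SAMPLE)
    print("allow" if allowed else "block", findings)
```

The tagged-token comparison matters for letter-suffixed releases such as `1.0.1f`, which a plain numeric or string comparison would order incorrectly.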