Open Nekto89 opened 7 months ago
Hi,
I've noticed that the stb package contains components that have their own versions, and some of them might even have security vulnerabilities. Example: stb_image
https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Anothings%3Astb_image.h%3A2.27%3A*%3A*%3A*%3A*%3A*%3A*%3A
https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe%3A2.3%3Aa%3Astb_project%3Astb%3A2.27%3A%3A%3A%3A%3A%3A%3A
Maybe it would be better to have a separate package for each library/header?
All package managers provide all headers of stb in one package. It seems overkill (and tedious) to create one recipe per header (21!). Not fundamentally against that, but is it worth the effort?
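The issue's point is that a single stb package version hides several independently versioned headers. The sketch below is an added example, not part of the thread or of any package recipe. It reads each header's own version banner and builds a per-component CPE name for vulnerability lookups. The banner regex, the sample header text and the reuse of the `nothings:<header>.h` CPE pattern for headers other than stb_image are assumptions.

```python
import re

# Assumption: a header announces its own version in a leading comment such as
# "/* stb_image - v2.27 - ..." or "// stb_truetype.h - v1.26 - ...".
BANNER_RE = re.compile(
    r"^\s*(?:/\*|//)\s*(stb_\w+?)(?:\.h)?\s+-\s+v(\d+(?:\.\d+)*)\b"
)


def header_version(text, max_lines=5):
    """Return (component, version) from the leading comment, or None."""
    for line in text.splitlines()[:max_lines]:
        match = BANNER_RE.match(line)
        if match:
            return match.group(1), match.group(2)
    return None


def component_cpe(component, version, vendor="nothings"):
    """Build a CPE 2.3 name per component.

    The vendor/product pattern is copied from the stb_image CPE in the issue;
    applying it to other headers is an assumption, NVD may not list them.
    """
    return f"cpe:2.3:a:{vendor}:{component}.h:{version}:*:*:*:*:*:*:*"


def inventory(headers):
    """Map file name -> CPE name, or None when no version banner is found."""
    result = {}
    for name, text in headers.items():
        found = header_version(text)
        # An unparsed banner is reported as None instead of being guessed.
        result[name] = component_cpe(*found) if found else None
    return result


# Constructed sample input: only the first lines of each file matter here.
SAMPLE_HEADERS = {
    "stb_image.h": "/* stb_image - v2.27 - public domain image loader\n",
    "stb_truetype.h": "// stb_truetype.h - v1.26 - public domain\n",
    "stb_vorbis.c": "// Ogg Vorbis audio decoder - v1.22 - public domain\n",
}

if __name__ == "__main__":
    for name, cpe in inventory(SAMPLE_HEADERS).items():
        print(f"{name}: {cpe or 'version banner not recognised, check manually'}")
```

Entries that come back as `None` need a manual look; they should not be treated as unaffected.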