>     > Debian policy requires that all binaries are dynamically linked if a
>     > shared library is available. 
> TeX Live policy is to make binaries that work on a wide variety of
> machines, since we cannot know what users will have installed.

That's the best approach from your point of view, of course.

> Within the world of Debian, I understand you could depend on the
> packages with those other libraries, and that's fine, I understand the
> security argument perfectly.  But it's going to be up to people who care
> about Debian to put in the time to make it work.  I guess it will mean a
> separate set of binaries.  It's too bad effort has to be fragmented that way.

A Debian Package will mean a separate set of binaries, anyway, because
they need to be compiled the Debian way, anyway, and you probably don't
have (and want) binaries for, for example, Linux-m86k or Linux-s390.

> I'm not sure specifically which libraries are at issue; zlib comes to
> mind, there must be others.  We don't build a shared kpathsea, but maybe
> Debian does, I don't know.

Debian does build libkpathsea as a shared library, yes. And the
libraries our binaries depend on are:

libgcc libpng libstdc++ libt1 libwww zlib

plus the following X-libs (don't know if everybody separates them):
libx11 libxaw libice libsm libxext libxmu libxt

> In its compressed form, TL fits (barely) on a CD.  In its live form, it
> is about 1.1gb.
> http://tug.org/ftp/texlive/Images/

Well, for the source package the compressed CD version would be
okay. However, I missed an important point in my description on how the
orig.tar.gz should be constructed: Of course we don't need the compiled
versions for anything, but we do need the sources of the binaries. I
wouldn't really recommend to put these in a separate orig.tar.gz -
Thomas Esser does it, but there are some drawbacks because of the need
to synchronise the two source packages.

>     Generally in TeXlive there should only be stuff which
>     is Debian-compatible. 
> The notable exception is that a few manuals are covered by the GFDL,
> which debian-legal declared nonfree.

I wouldn't currently bother about that. There are ongoing negotiations
with the FSF about changing the GFDL, and although I have not much hope
that this will in fact lead to a consensus between both parts, I
wouldn't care now - even Debian will ship GFDL documents in its next

