Policy on static linking ?
Charlie Kester
corky1951 at comcast.net
Sat Jan 15 02:02:58 UTC 2011
On Fri 14 Jan 2011 at 06:07:37 PST Pete French wrote:
>
>I recently wanted to use libdespatch, but I found that the port
>didn't install the static libraries. I filed a PR, and found out
>from the reponse that this was deliberate, and that a number of
>other ports were deliberately excluding static libraries too. Some
>good reasons where given, which I wont reporduce here,
>as you can read them at: http://www.freebsd.org/cgi/query-pr.cgi?pr=151306
>
Interesting reading.
One thing bothers me, however, about the reasons given against static
linking.
Surely, if a port statically links to a library, it calls out that
library on a LIB_DEPENDS line and the dependency is reflected in the
package database? So, if a security issue comes up with the library, it
wouldn't be difficult to flag the dependent port as one that needs to be
recompiled using the newly-patched library?
The user only gets the patches to the shared library after he reads and
responds to the security notice, or when he's doing a normal update of
his ports. Correct? Well then, what's different about the scenario
when it's a static library?
What am I missing here?
More information about the freebsd-stable
mailing list