Jun 18, 2023 07:58:39 Polarian <polarian@polarian.dev>:
I have realised a reoccurring theme with newer programming languages, everything is static linked creating huge binaries,
Bit of a myth, you're not using the entirety of everything you import, and linkers should properly handle removing unused symbols. Actually static linking might end up smaller this way (compared to installing the entire library as a separate package). Linkers have improved a lot since the last time static linking was the industry trend.
Dynamic linking allows for dependency reuse.
True but you'd be surprised how often that doesn't happen.
I am far from an expert in linking but I thought that dynamic linking would be more secure because of address space randomisation, which I do not think can be replicated when all the libraries are statically linked into the executable and thus loaded into the same address space, correct me if I am wrong.
static PIE exists.
The issue with static linking and modern languages is they all want to use their own package managers, I have had a few rust devs tell me to "stop packaging their applications because arch users should simply learn to use cargo install".
Seems like a lot of devs are anti-distro, but I personally would not like bespoke and nontested package managers vomiting all over my filesystem and leaving untrackable files. Arch users have the choice to use either (with consequences either way).
I assume the only time we should package go libraries, or libraries of any modern programming language is, in the off chance, they are dynamically linked against, or the library spits out a shared object?
Well what specifically are you planning to package? I don't think you've mentioned that yet. Abstract discussions lead to too many unspoken assumptions. - éclairevoyant