[arch-general] Libraries should also be built statically
Heiko Baums
lists at baums-on-web.de
Mon Feb 1 12:06:00 EST 2010
Am Mon, 01 Feb 2010 15:14:27 +0100
schrieb Jan de Groot <jan at jgc.homeip.net>:
> If a program is built static against an insecure library, upgrading
> the insecure library means the static binary is still vulnerable.
> That's what Allan means.
Well, that's obvious.
> When we switch to glibc-based initramfs, there shouldn't be any need
> for static compiled binaries anymore, ever.
Do you know, when this is planned?
Nevertheless I don't think that this is always the choice of a package
maintainer because if a software still requires statical libraries
because upstream decides so like fbsplash then this hasn't much to
do with the initramfs. I don't think that upstream cares much about an
initramfs of a specific distro. But maybe I can ask spock to build a
package without statical linking if this is possible in this case.
But until then the static libraries are at least in some cases
necessary.
> Static libraries are bad. Besides taking up diskspace, they're just
> bad to use. Ulrich Drepper has a nice PDF about this.
Do you have a link to this PDF?
Greetings,
Heiko
More information about the arch-general
mailing list