Date: Fri, 14 Jan 2011 17:49:45 -0800 From: Charlie Kester <corky1951@comcast.net> To: freebsd-stable@freebsd.org Subject: Re: Policy on static linking ? Message-ID: <20110115014945.GA11894@comcast.net> In-Reply-To: <E1PdkJV-0007GJ-Rc@dilbert.ticketswitch.com> References: <E1PdkJV-0007GJ-Rc@dilbert.ticketswitch.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri 14 Jan 2011 at 06:07:37 PST Pete French wrote: > >I recently wanted to use libdespatch, but I found that the port >didn't install the static libraries. I filed a PR, and found out >from the reponse that this was deliberate, and that a number of >other ports were deliberately excluding static libraries too. Some >good reasons where given, which I wont reporduce here, >as you can read them at: http://www.freebsd.org/cgi/query-pr.cgi?pr=151306 > Interesting reading. One thing bothers me, however, about the reasons given against static linking. Surely, if a port statically links to a library, it calls out that library on a LIB_DEPENDS line and the dependency is reflected in the package database? So, if a security issue comes up with the library, it wouldn't be difficult to flag the dependent port as one that needs to be recompiled using the newly-patched library? The user only gets the patches to the shared library after he reads and responds to the security notice, or when he's doing a normal update of his ports. Correct? Well then, what's different about the scenario when it's a static library? What am I missing here?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20110115014945.GA11894>