From owner-freebsd-stable@FreeBSD.ORG Sat Jan 15 02:02:58 2011 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 83845106566B for ; Sat, 15 Jan 2011 02:02:58 +0000 (UTC) (envelope-from corky1951@comcast.net) Received: from qmta13.emeryville.ca.mail.comcast.net (qmta13.emeryville.ca.mail.comcast.net [76.96.27.243]) by mx1.freebsd.org (Postfix) with ESMTP id 647108FC12 for ; Sat, 15 Jan 2011 02:02:58 +0000 (UTC) Received: from omta23.emeryville.ca.mail.comcast.net ([76.96.30.90]) by qmta13.emeryville.ca.mail.comcast.net with comcast id vTn51f00C1wfjNsADdpncp; Sat, 15 Jan 2011 01:49:47 +0000 Received: from comcast.net ([98.203.142.76]) by omta23.emeryville.ca.mail.comcast.net with comcast id vdpl1f00J1f6R9u8jdpmE1; Sat, 15 Jan 2011 01:49:47 +0000 Received: by comcast.net (sSMTP sendmail emulation); Fri, 14 Jan 2011 17:49:45 -0800 Date: Fri, 14 Jan 2011 17:49:45 -0800 From: Charlie Kester To: freebsd-stable@freebsd.org Message-ID: <20110115014945.GA11894@comcast.net> Mail-Followup-To: freebsd-stable@freebsd.org References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii; format=flowed Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4.2.3i X-Mailer: Mutt 1.4.2.3i X-Composer: Vim 7.3 Subject: Re: Policy on static linking ? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 15 Jan 2011 02:02:58 -0000 On Fri 14 Jan 2011 at 06:07:37 PST Pete French wrote: > >I recently wanted to use libdespatch, but I found that the port >didn't install the static libraries. I filed a PR, and found out >from the reponse that this was deliberate, and that a number of >other ports were deliberately excluding static libraries too. Some >good reasons where given, which I wont reporduce here, >as you can read them at: http://www.freebsd.org/cgi/query-pr.cgi?pr=151306 > Interesting reading. One thing bothers me, however, about the reasons given against static linking. Surely, if a port statically links to a library, it calls out that library on a LIB_DEPENDS line and the dependency is reflected in the package database? So, if a security issue comes up with the library, it wouldn't be difficult to flag the dependent port as one that needs to be recompiled using the newly-patched library? The user only gets the patches to the shared library after he reads and responds to the security notice, or when he's doing a normal update of his ports. Correct? Well then, what's different about the scenario when it's a static library? What am I missing here?