Re: Policy on static linking ?

On Fri 14 Jan 2011 at 06:07:37 PST Pete French wrote:
>
>I recently wanted to use libdespatch, but I found that the port
>didn't install the static libraries. I filed a PR, and found out
>from the reponse that this was deliberate, and that a number of
>other ports were deliberately excluding static libraries too. Some
>good reasons where given, which I wont reporduce here,
>as you can read them at: http://www.freebsd.org/cgi/query-pr.cgi?pr=151306
>

Interesting reading.

One thing bothers me, however, about the reasons given against static
linking.  

Surely, if a port statically links to a library, it calls out that
library on a LIB_DEPENDS line and the dependency is reflected in the
package database?  So, if a security issue comes up with the library, it
wouldn't be difficult to flag the dependent port as one that needs to be
recompiled using the newly-patched library?

The user only gets the patches to the shared library after he reads and
responds to the security notice, or when he's doing a normal update of
his ports.  Correct?  Well then, what's different about the scenario
when it's a static library?

What am I missing here?
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"