[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Suggestion: Static libs policy, a draft (was: Re: Static linking considered harmful)

There seems that some compromise might be possible here.
I try to formulate certain approximate theses.

First of all, static libraries (if present) must go to the separate package ("-devel-static" or just "-static").

In order to support any static link, the "main system library", libc.a, must be present anyway

1. IF a library is needed for some binary which are built static in Core, such a library must have static variant too. In other words, for all statically linked executables in Core (recovering, init/boot time etc.), all the libraries which take place in the correspond static linkage must be present.

2. ELSE IF the library hardly depends on some particular environment, it must not have static variant.
For example, static linking with Gnome or KDE seems to be unuseful anyway.

3. ELSE IF the library processes any data which usually or potentially might come on a computer from an "external world", or if it designed to operate with some kind of "external world", such a library must not have static variant. Here all the wide-used binary contents (graphic, compress, crypt) and network protocols (ssl, X).
(Most often security issues are related for such types of libraries).

4. ELSE IF the library seems to be useful for static linking in some specific local environments, and there are some known users (or some known kind of users) who use it, this library should have the static variant. Here, for example, all "numeric/scientific" libraries (as already discussed for portability), maybe even ncurses, etc.

All another libraries must not have static by default. If some user request for it, the library's maintainer may provide static variant. The library's maintainer should provide a way for user to re-compile the library statically -- for example, by rpmbuild option "--with-static" and correspond condition macros in the .spec file.

In short words:
1. if        Used for static linking something in Core -- yes
2. elseif  Unuseful anyway -- no
3. elseif  Dangerous for security -- no
4. elseif  Some kind of users use it locally -- yes
5. else   maybe, but default -- no

Libraries of p.1 certainly should be available on CD/DVD, but libraries of p.4/p.5 must be distributed the same way as "-debuginfo" packages (i.e,, outside of the main distro trees).

Dmitry Butskoy

P.S. Please note, that it is just a draft... ;)

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]