static libraries' policy
Paul Howarth
paul at city-fan.org
Tue Nov 8 15:54:58 UTC 2005
Linus Walleij wrote:
> On Tue, 8 Nov 2005, Dmitry Butskoy wrote:
>
>> It seems that the recommendation to avoid the including of static
>> libraries into devel package does not work properly.
>
>
> It does. Very many if not all of the packages including static libs were
> probably made before the rule was in place.
>
> The case for no static libs is very profound, for example a security
> error in a static library can not be fixed unless all packages building
> against it are rebuilt too.
>
> If a user has a lot of locally compiled stuff in /usr/local or /opt
> (think large orgs with NFS-mounted apps servers) you make their life a
> security hell by including static libs in a distribution.
>
> So static libs make the distribution less modular. Get rid of them.
There's also a related issue in that some packages include some common
libraries as source in the upstream tarballs, and build against that
source by default. For example, in the gtkwave tarball, the zlib and
bzip2 libraries are included, so I had to edit the Makefile to get it to
link against the system versions of these libraries instead.
(see http://bugzilla.redhat.com/172579 for package review entry)
Not doing this would introduce the same problems as for static
libraries, and it's arguably less obvious an issue for a
packager/reviewer to spot.
Paul.
More information about the fedora-extras-list
mailing list