proposal to remove static libs from -devel packages for FC5
Jeremy Katz
katzj at redhat.com
Mon Jul 25 15:58:22 UTC 2005
On Fri, 2005-07-22 at 20:08 -1000, Warren Togami wrote:
> Furthermore would anyone be averse to the idea of making it policy to
> explicitly note in spec files when static libs are used in such a way
> that it is easy to do an automated search? Something simple like:
>
> # Static Lib: libfoo
This is then dependent on every packager knowing for certain every
static lib that gets linked. I don't think that can be counted on...
> It is otherwise a huge PITA when a security hole is discovered and we
> need to sweep the entire distro for static copies, like the huge zlib
> mess we had a while back.
... which means that we'd still have to do this and thus I'm not sure if
it buys us much/anything.
Jeremy
More information about the Fedora-maintainers
mailing list