proposal to remove static libs from -devel packages for FC5
Ralf Corsepius
rc040203 at freenet.de
Thu Jul 28 12:29:07 UTC 2005
On Thu, 2005-07-28 at 07:05 -0400, Daniel Veillard wrote:
> On Fri, Jul 22, 2005 at 08:08:17PM -1000, Warren Togami wrote:
>
> Now multiply by the number of library we ship, to me you annoy the user
> and the maintainers.
>
> I really disagree with this myself.
Then let me turn your remark around into a devel's advocate question:
Which packages in all RH based distributions (FC, FE, etc.) are
statically linked against libxml and therefore will be subject to the
vulnerability that allows arbitrary users to become root by parsing
xml-files, to be discovered, tomorrow?
Ralf
More information about the Fedora-maintainers
mailing list