On Fri 14 Jan 2011 at 06:07:37 PST Pete French wrote:
I recently wanted to use libdespatch, but I found that the port
didn't install the static libraries. I filed a PR, and found out
from the reponse that this was deliberate, and that a number of
other ports were deliberately excluding static libraries too. Some
good reasons where given, which I wont reporduce here,
as you can read them at: http://www.freebsd.org/cgi/query-pr.cgi?pr=151306
Interesting reading.
One thing bothers me, however, about the reasons given against static
linking.
Surely, if a port statically links to a library, it calls out that
library on a LIB_DEPENDS line and the dependency is reflected in the
package database? So, if a security issue comes up with the library, it
wouldn't be difficult to flag the dependent port as one that needs to be
recompiled using the newly-patched library?
The user only gets the patches to the shared library after he reads and
responds to the security notice, or when he's doing a normal update of
his ports. Correct? Well then, what's different about the scenario
when it's a static library?
What am I missing here?
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
