On Wed, Apr 22, 2020 at 02:19:19PM -0400, Michael Orlitzky wrote: > How do you plan to update all of your programs when there's a security > vulnerability in, say, OpenSSL?
Hm. And why we need every package to be statically linked? I told just that static linking is a good and useful feature. Moreover, what the problem to rebuild all dependant packages? And yet, please don't tell about this imaginary advantage of shared objects. Because, this is in the same time and disadvantage too - we can just in ONE action supply a new security vulnerability to ALL software that use openssl shared object. Because all code has bugs :-). And if we talk about security code that moment is significant and should be considered carefully. So, we can say that for non-security software shared object can be used thoughtlessly and everywhere. But even here it's not so simple. Shared object is slow and consume more ram if we have many instances of our software running than statically linked version(thanks to sharing of common .text segments between all instances of a single program). And plan9 experience told us that for something that used by many programs(like openssl) it better to use services than shared object(in plan9 this implemented with help of "file servers"). Shared object isn't a holly cow. And please let's not be fanatics. -- Олег Неманов (Oleg Nemanov)
