On Mon, Jan 09, 2012 at 11:35:56AM -0800, Fernando de Oliveira wrote: > > I would like to know if the choice "--enable-shared --disable-static" is > safe, and what are the consequences of "--disable-nis". > Noting your $subject, you do realise that in blfs you are responsible for your own security ? Your distro, your rules. From time to time I have updateid packages in blfs to fix known vulnerabilities. But the lack of interest in that caused me to devote my time to other things. Now that I'm back here (I still run systems based on blfs, so I need parts of it to work!), I won't be going out of my way to do update the book to fix known vulnerabilities (unlike my own systems).
For --enable-shared --disable-static : anything linked to this will be linked to the shared library, so if you later update it (for same major version) to fix an as-yet-unknown vulnerability, or to provide better functionality, you don't have to recompile its users. Also, you don't have to *find* the users (e.g. for static nettle, I'm build-testing NetworkManager on one of my machines where nettle was only built statically : as well as gnutls, it turns out that everything linked to gnutls - hence NetworkManager - needs the static libnettle (and presumably libhogweed - at that point I rebuilt nettle and its existing users for a shared lib). If you don't care about security (people do build lfs, and perhaps some of blfs, without caring), then I doubt that this pair of options will adversely impact anything. If you do care about security - "What's not to like ?" (barring Bruce's comments on using a static lib for coding to ensure it doesn't break underneath you - see lfs-dev). And for --disable-nis : if you don't intend to use nis the result is positive : you can compile the package with current glibc. Like Bruce, I don't use PAM. It appears to me to be something that needs a lot more effort (to set it up *correctly*) than I'm willing to offer it. ĸen -- das eine Mal als Tragödie, das andere Mal als Farce -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
