Dumitru Moldovan <du...@gmx.com> writes:

> On Tue, Jul 14, 2020 at 03:44:18PM -0000, Stuart Henderson wrote:
>>On 2020-07-14, Christian Weisgerber <na...@mips.inka.de> wrote:
>>> Old versions of libraries are innocuous.  They will simply be
>>> ignored.
>>
>>Until you run out of disk space, which is fairly easy in /usr if you
>>installed a couple of releases ago and took the auto disklabel defaults.
>
> Another issue with potential security implications: suppose you have
> built something that linked to old library versions lying around on
> disk.  And suppose a security issue affects one of the old libs,
> with implications for your binaries linked to it.  You won't even be
> aware of it.

This only applies to stuff you compiled on your own, so I guess it's fair
that you are on your own.  (I do that too, but only for stuff I develop.)

> My take is to purge old libs after every new release.  Once, I had to do
> it in the middle of a version upgrade, because there was no space left
> on disk to complete it.  My fault only, I had a very tight custom
> partitioning layout.

I don't think it's that easy.  One case that comes to mind is that
there's a short window after an update and before `pkg_add -u` where
you're running a new system but with old ports.  Your entire system
(except base stuff) would break if you remove the libraries.  There may
be more edge cases like this.

My take is to do a full reinstall once in a while (that also helps me
reorder my files and adjust partition sizes).

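Added example, not code from anyone in the thread: a small POSIX sh filter that finds the shadowed library versions the discussion is about, i.e. every libNAME.so.MAJOR.MINOR file for which a higher MAJOR.MINOR of the same library exists in the listing. It assumes the OpenBSD naming scheme for shared libraries (libNAME.so.MAJOR.MINOR) and is fed a constructed directory listing rather than a real /usr/lib; the paths in SAMPLE_LISTING are made up for the demonstration.

```shell
#!/bin/sh
# stale_libs: read one path per line on stdin, print the paths of shared
# libraries that are shadowed by a newer MAJOR.MINOR of the same library.
# Assumes OpenBSD-style names (libNAME.so.MAJOR.MINOR); anything else is
# silently skipped.  Example code, not part of the original thread.
stale_libs() {
    awk '
    {
        n = split($0, parts, "/"); base = parts[n]
        # keep only libNAME.so.MAJOR.MINOR
        if (base !~ /^lib.*\.so\.[0-9]+\.[0-9]+$/) next
        m = split(base, f, ".")
        major = f[m-1]; minor = f[m]
        name = base; sub(/\.[0-9]+\.[0-9]+$/, "", name)
        # emit "libNAME.so MAJOR MINOR /full/path" for sorting
        print name, major, minor, $0
    }' |
    # group by library name, then order versions numerically
    LC_ALL=C sort -k1,1 -k2,2n -k3,3n |
    # within a group every entry but the last (highest) one is stale
    awk '{ if ($1 == prev) print prevpath; prev = $1; prevpath = $4 }'
}

# Constructed listing (not taken from a real system): two stale libc
# versions, one stale libcrypto, a current libz, and a static archive
# that must be ignored.
SAMPLE_LISTING='/usr/lib/libc.so.95.1
/usr/lib/libc.so.96.0
/usr/lib/libc.so.96.1
/usr/lib/libcrypto.so.46.1
/usr/lib/libcrypto.so.47.0
/usr/lib/libz.so.5.0
/usr/lib/libc.a'

# demo: run the filter over the constructed listing.
demo() {
    printf '%s\n' "$SAMPLE_LISTING" | stale_libs
}

demo
```

On a real system the listing would come from something like `ls /usr/lib/lib*.so.* /usr/X11R6/lib/lib*.so.*`. The output is only a candidate list for the reason given in the reply above: before `pkg_add -u` has run, installed packages may still need those "stale" versions, so check what actually links against them (for instance by running `ldd` on the binaries you built yourself and grepping for the paths printed here) before deleting anything.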