Jens Petersen wrote:
This has been in my mind for a while, but now I finally post it here:
I believe we're still shipping many static libs in -devel not least
in Core, which make our -devel packages rather heavy. I think the
vast majority of them are not needed or used really at all.
So they should just be removed. Some packages may have a --disable-static
configure option for example to help with this, or they can just be
deleted easily by hand in the %install section.
For the cases where it is still desirable or necessary to ship static libs,
I would suggest to move them from -devel into a separate -static
subpackage so that people who don't need them don't have to suffer
downloading and installing them.
Does this sound reasonable? Make any sense? :)
Comments and discussion welcome. What would be the best way to proceed?
Filing bugs against every package that ships static libs?
Furthermore would anyone be averse to the idea of making it policy to
explicitly note in spec files when static libs are used in such a way
that it is easy to do an automated search? Something simple like:
# Static Lib: libfoo
It is otherwise a huge PITA when a security hole is discovered and we
need to sweep the entire distro for static copies, like the huge zlib
mess we had a while back.
The majority of cases though we want to try to eliminate use of static
copies...
Warren Togami
wtogami@xxxxxxxxxx