On Fri, 2005-07-22 at 20:08 -1000, Warren Togami wrote: > Furthermore would anyone be averse to the idea of making it policy to > explicitly note in spec files when static libs are used in such a way > that it is easy to do an automated search? Something simple like: > > # Static Lib: libfoo This is then dependent on every packager knowing for certain every static lib that gets linked. I don't think that can be counted on... > It is otherwise a huge PITA when a security hole is discovered and we > need to sweep the entire distro for static copies, like the huge zlib > mess we had a while back. ... which means that we'd still have to do this and thus I'm not sure if it buys us much/anything. Jeremy
