On Thu, Feb 22, 2007 at 07:45:38PM -0500, Tom Horsley wrote: > > this zlib point clobbers one of my ideas for sure > Nah, not really. The next time it will be the shared lib that has the > security problem and two or three static linked programs survive > intact, then everyone will rush back to static linking. I think > the security thing is completely orthogonal. Err, what? That doesn't make any sense. The point is that the shared lib requires one small update, instead of auditing to find all programs that linked against the static library, what version they used, whether that version is vulnerable, etc., and then making an updated version of each entire affected package. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>
