On Thu, 2007-02-22 at 17:06 -0500, Steve Friedman wrote: > On Thu, 22 Feb 2007, Tom Horsley wrote: > > > On Thu, 22 Feb 2007 10:59:16 -0800 > > "John P. Fisher" <john.fisher@xxxxxxxx> wrote: > > > >> 3) I guess if I could wave a wand, I'd have a set of common fundamental > >> libraries that get shared and maintain compatibility between distro > >> releases, and everything else would be handled by the applications > >> themselves. Maybe this is plain dumb, but it sure would be easier for me... > > > > I'd just have every single app have its very own versions of every library > > it needs with a reaper that runs around at low priority hard-linking > > the ones that are identical :-). > > > > > > Then you've forgotten the zlib security issues of only 5 years ago. A > security vulernability was found in a compression library common to over > 500 apps. Those that dynamically linked to zlib were patched with a > single upgrade; however, large numbers of apps had to be recompiled > because they statically linked to zlib. This was a *major* security > crisis -- and *many* apps/utilities switched to dynamic linking of zlib > (and other common libraries) to avoid this happening again. As a non-programmer, I'm ignorant of many of the issues involved, but why can't you say: "if you link against an external library, do it dynamically" as a rule of thumb? That way you could replace the library without needing to recompile. Unless you want to state for sure that no-one else will use your library, and not place it in a shared location, that is. -Don
