On Mon, 01 Feb 2010 15:14:27 +0100, Jan de Groot <jan@xxxxxxxxxxxxxx> wrote:

> If a program is built static against an insecure library, upgrading
> the insecure library means the static binary is still vulnerable.
> That's what Allan means.

Well, that's obvious.

> When we switch to glibc-based initramfs, there shouldn't be any need
> for static compiled binaries anymore, ever.

Do you know when this is planned? Nevertheless, I don't think that this is always the choice of a package maintainer, because if a software still requires static libraries because upstream decides so, like fbsplash, then this hasn't much to do with the initramfs. I don't think that upstream cares much about an initramfs of a specific distro. But maybe I can ask spock to build a package without static linking, if this is possible in this case. But until then the static libraries are at least in some cases necessary.

> Static libraries are bad. Besides taking up disk space, they're just
> bad to use. Ulrich Drepper has a nice PDF about this.

Do you have a link to this PDF?

Greetings,
Heiko