Garrick Staples wrote:
On Wed, Jan 09, 2008 at 02:00:13PM +1300, Clint Dilks alleged:
*snip*
The '-static' means that the linker needs to find a static library archive to
create a static executable. That means it wants to find /usr/lib/libmhash.a.
Without the '-static', it would look for the shared library, libmhash.so.
The mhash-devel package doesn't contain libmhash.a, so your test linking fails.
It has been fedora/upstream policy for while to discourage the packaging of
static archive files. I'm sure the Fedora wiki has a page explaining why, but
I'm too lazy to find it right now.
I don't know what reasons the wiki gives, but if a bug (security or
other) exists in a library and you statically link against it, then when
that bug is fixed - you have to rebuild all apps that linked against
the static lib or they will continue to contain the bug even, even when
the library is updated. With shared libraries, that isn't an issue. With
shared libraries, updating the library is all you need to do.
zlib I believe was a real world example of this - some years ago (red
hat 5 ??), zlib was found to have a bug that could potentially be
exploited. A lot of apps linked against the static library. Even after
zlib had been updated, those apps were still vulnerable until they were
recompiled.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
