Dnia 22-11-2006, śro o godzinie 12:10 -0500, Jakub Jelinek napisał(a): > If you want bit-reproduceable results, you can equally well > just stick the shared libraries you need into the same directory as the > program This way you still don't upgrade a library to the bug-free version if you don't remember about that. You save compiling time, true. But you still have to remember, which library has to be copied (instead of linked in). I thought the main point of the discussion was the security issues raising when someone forgets to relink some program. > and run it as > ./ld-linux*.so.2 --library-path . ./the_numerical_program arguments This leads to users having LD_LIBRARY_PATH set to ".", which is a huge security risk by itself (and many times greater than staticly linked programs, IMO). Don't tell me users will use your hard to remember and type line - there'll be tens of howtos suggesting LD_LIBRARY_PATH=. everywhere in the Internet if you do that. I'm for making -devel-static packages and sticking with the policy of discouraging, not disallowing compiling programs as static. Lam
Attachment:
signature.asc
Description: To jest =?UTF-8?Q?cz=C4=99=C5=9B=C4=87?= listu podpisana cyfrowo
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
