Michael Schwendt wrote: > On Wed, 7 Jun 2006 09:04:36 -0600, Kent E Yoder wrote: > >>> No application should ever dlopen the non-versioned .so at run-time. If >> it >>> does, it needs to be patched. An application is built for a specific >>> API/ABI and must not expect an arbitrary .so to be the right one. >> You are absolutely correct under normal circumstances, but this is a bit >> of a special case. libopencryptoki.so implements the PKCS#11 API, which >> is designed to be used in exactly this way. PKCS#11 apps routinely provide >> a way for you to specify which PKCS#11 API .so you'd like to use. This is >> because different PKCS#11 implementations *should* be interchangeable, >> since they each provide the same API, but may support different hardware >> under the covers. In fact, fedora already ships one such program with the >> opensc package, "pkcs11-tool". > > Well, then this is the kind of reply the reviewer should get, which > explains why the .so is not in the -devel package. > > However, it would be better if these plugin DSOs were located in a special > directory and not in standard library search path. > As is done with ctapi DSO's which work essentially the same, I feel like I'm beating a dead horse here, please take a look at the ctapi-cyberjack review: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=188369 Which has this fixed exactly as you suggest by putting them in a special dir while still providing a way for apps to find them. Regards, Hans -- fedora-extras-list mailing list fedora-extras-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-extras-list
