Hello, Do the "no static linking" rules apply equally also to cases where the lib and the executable packaged are from the same package build? I'm packaging xz and intend to ship only shared libs, executables and devel files as usual, but upstream likes to link the executables statically with the rationale (liblzma comes from the same package, linkage would be done against the non-shipped static liblzma created during the build): ## Always link the command line tool statically against liblzma. It is ## faster on x86, because no need for PIC. We also have one dependency less, ## which allows users to more freely copy the xz binary to other boxes. It's easy enough to change this and link the executables dynamically, and I haven't bothered to get any numbers to check the upstream claim. But I suppose the primary security reason against static linkage doesn't really apply that much when the executable and the lib are results from the same package build, so I thought I'd ask if there are strong opinions on whether this would be a valid exception to the no static linkage guideline or not (none here). -- Fedora-packaging mailing list Fedora-packaging@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-packaging
