On Mon, Sep 23, 2019 at 10:47:40AM +0200, Jan Engelhardt wrote: > > On Sunday 2019-09-22 09:09, Pablo Neira Ayuso wrote: > > >> > src/linenoise.c | 1201 +++++++++++++++++++++++++++++++++++++++++++ > >> > >> That seems like a recipe to end up with stale code. For a distribution, > >> it's static linking worsened by another degree. > >> > >> (https://fedoraproject.org/wiki/Bundled_Libraries?rd=Packaging:Bundled_Libraries) > > > >I thought this is like mini-gmp.c? Are distributors packaging this as > >a library? > > Yes; No. > > After an update to a static library, a distro would have to rebuild > dependent packages and then distribute that. Doable, but cumbersome. > > But bundled code evades even that. If there is a problem, all instances > of the "static library" would need updating. Doable, but even more cumbersome. > > Basically the question is: how is NF going to guarantee that linenoise (or > mini-gmp for that matter) are always up to date? It seems to me that mini-gmp.c was designed to be used like we do. For the linenoise case, given that there's already a package in Fedora, I'm fine to go for AC_CHECK_LIB([linenoise], ...) and _not_ including the copy in our tree. Probably other distributions might provide a package soon for this library.
