Subject: Re: pkgsrc sickness
To: Aaron J. Grier <firstname.lastname@example.org>
From: David Laight <email@example.com>
Date: 08/22/2002 00:26:53
On Wed, Aug 21, 2002 at 03:25:39PM -0700, Aaron J. Grier wrote:
> On Wed, Aug 21, 2002 at 03:24:26PM -0400, Greg A. Woods wrote:
> > The better fix is to simply static-link any libraries provided by
> > other packages. Such programs not only have fewer run-time
> > dependencies, but they start up somewhat faster too (and a lot faster
> > if they're all static-linked! ;-).
> but in the case you really do indeed want to update a library systemwide
> due to security problems (a la openssl) is there an easy way to track
> down which versions of libraries the static programs were linked with?
No! Well not since netbsd doesn't leave the #ident lines in all
A bug in a library routine is MUCH easier to fix if the library
is shared. Years ago we had a problem with file locking in the
utmp/utmpx routines. Unfortunately these were always statically
linked (for, IMHO, an incorrect reason) and tracking down all
the culprits took a while.
If they had been dynamically linked the fix would have been
David Laight: firstname.lastname@example.org