Subject: Re: pkgsrc sickness
To: Aaron J. Grier <>
From: David Laight <>
List: tech-pkg
Date: 08/22/2002 00:26:53
On Wed, Aug 21, 2002 at 03:25:39PM -0700, Aaron J. Grier wrote:
> On Wed, Aug 21, 2002 at 03:24:26PM -0400, Greg A. Woods wrote:
> > The better fix is to simply static-link any libraries provided by
> > other packages.  Such programs not only have fewer run-time
> > dependencies, but they start up somewhat faster too (and a lot faster
> > if they're all static-linked! ;-).
> but in the case you really do indeed want to update a library systemwide
> due to security problems (a la openssl) is there an easy way to track
> down which versions of libraries the static programs were linked with?

No! Well not since netbsd doesn't leave the #ident lines in all
its binaries.

A bug in a library routine is MUCH easier to fix if the library
is shared.  Years ago we had a problem with file locking in the
utmp/utmpx routines.  Unfortunately these were always statically
linked (for, IMHO, an incorrect reason) and tracking down all
the culprits took a while.
If they had been dynamically linked the fix would have been
much easier.


David Laight: