Ville Skyttä wrote:
It's easy enough to change this and link the executables
dynamically, and I
haven't bothered to get any numbers to check the upstream claim. But I
suppose the primary security reason against static linkage doesn't really
apply that much when the executable and the lib are results from the same
package build, so I thought I'd ask if there are strong opinions on whether
this would be a valid exception to the no static linkage guideline or not
(none here).
I tend to agree that the primary reason for this is security and that
claim is not as strong in this case. I have two thoughts to toss out:
* Linking the utilities dynamically tests that dynamic linking works.
mono w/ libmono on ppc caught this problem (although we're currently
shipping that statically linked because F11 is too close and nothing
else in-distro currently embeds the mono runtime :-(
* If we allow this, reviewers and packagers will have to be careful
about deciding whether the package really is the canonical place for the
library. For instance, rsync builds against a private, slightly
modified version of zlib. zsync does the same thing. These should not
be allowed exceptions as the security concerns still apply.
Ralf's point about saving disk space is also a negative.
-Toshio