
Re: libnss-db and /usr/lib/* libraries



On Thu, 11 Aug 2005, Piotr Roszatycki wrote:
> Hi. The problem is important not only for libnss-db package but also for 
> libnss-ldap, libnss-mysql and others.
> 
> $ ldd /usr/lib/libnss_db.so.2 | grep /usr
>         libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7e10000)

Well, IMHO anything used by libnss needs to either be statically linked (and
make 200% sure that:
  1. you *WILL* update it next-day if security fixes or other major updates
     to any of the statically linked libraries are released -- this is a
     total pain.
  2. any dynamic libraries needed are in /lib, and *all* of them use 
     versioned symbols
  3. all of the nss module AND static AND dynamic libs are thread-safe AND
     reentrant-safe
)

Otherwise you have a critical bug in the system, waiting to happen.
If you can't get all of the above to be true, it is time to remove that
particular libnss module from Debian.

libnss modules are *extremely* critical to the system.  They are implicitly
linked to *EVERY* running binary that is linked against libc (instead of,
say, dietlibc).

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
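
A check for the dependency problem discussed in this thread, as an added example that is not part of the original message: it parses `ldd` output for each NSS module and reports any shared library that resolves outside /lib. The function names are hypothetical, and every sample line except the libdb-4.3 one quoted above is constructed.

```sh
#!/bin/sh
# Added example (not from the original thread). Function names are hypothetical.

# Read `ldd` output on stdin; print every dependency that does not resolve
# under /lib, /lib32 or /lib64 (multiarch subdirectories of /lib pass too).
nss_deps_outside_lib() {
    awk '
        # "libfoo.so => not found": the module cannot load at all
        $2 == "=>" && $3 == "not" { print $1 " (not found)"; next }
        # "libfoo.so => /path/libfoo.so (0xADDR)"
        $2 == "=>" && $3 ~ /^\// {
            if ($3 !~ /^\/lib(32|64)?\//) print $1 " " $3
            next
        }
        # "/lib/ld-linux.so.2 (0xADDR)": loader listed by absolute path
        $1 ~ /^\// && $1 !~ /^\/lib(32|64)?\// { print "(loader) " $1 }
        # anything else (e.g. "linux-gate.so.1 => (0xADDR)") has no file
    '
}

# Run the check over every NSS module in the given directories
# (default: /lib and /usr/lib). Empty output means nothing was flagged.
scan_nss_modules() {
    [ "$#" -gt 0 ] || set -- /lib /usr/lib
    for dir in "$@"; do
        for mod in "$dir"/libnss_*.so.*; do
            [ -f "$mod" ] || continue
            ldd "$mod" 2>/dev/null | nss_deps_outside_lib | sed "s|^|$mod: |"
        done
    done
}

# Sample input: the libdb line is the one quoted in the thread,
# the other lines are constructed.
sample_ldd_output() {
    cat <<'EOF'
        linux-gate.so.1 =>  (0xffffe000)
        libdb-4.3.so => /usr/lib/libdb-4.3.so (0xb7e10000)
        libc.so.6 => /lib/tls/libc.so.6 (0xb7cd8000)
        /lib/ld-linux.so.2 (0x80000000)
EOF
}
```

Source the file and call `scan_nss_modules` on the system being audited; `sample_ldd_output | nss_deps_outside_lib` shows the parser flagging only the libdb dependency.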
