Re: Intend to create an -fPIC library package...
On 2009-07-21 Wouter Verhelst wrote:
> On Tue, Jul 21, 2009 at 12:40:17AM +0200, Christian Hammers wrote:
> > Am Mon, 20 Jul 2009 23:18:23 +0100
> > schrieb Roger Leigh <firstname.lastname@example.org>:
> > > If other libraries are including this library, then why is libmysqld
> > > not being provided as a properly-versioned shared object?
> > Upstream, in this case Monty himself, seems to explicitly want it to be
> > a static library for performance reasons as I read from the discussion
> > in: http://lists.mysql.com/internals/35950
> In that case, and if we do indeed want to support this static library
> interface, indirect users of libmysqld.a should link to it when they
> compile their software. Shared libraries can in fact use symbols from
> the 'main' program if they're compiled in like that -- except that, of
> course, these shared libraries then depend on the assumption that the
> static library does not change its ABI, and they have no way at all to
> ensure that.
First, thanks for the long answer, Wouter!
To wrap it up:
* static libraries are a PITA in case of security problems
* static libraries are a PITA for other projects as they have no versions
* shared libraries with self chosen soname or --release= versions are even
PITA as I, as a maintainer, surely won't watch for ABI breakages
* MySQL is a ... :)
As I don't care much and the Amarok team asked to provide a -fPIC version my
plan is to provide both a static and a pic version to them but in different
packages so that in case of a security problem the relevant packages with
build-deps can be identified, after which it's their maintainers problem to
provide a DSA as well. If the Security-Team or Release Managers clearly
reject this, I remove the packages again until the Amarok'ers have come to
agreement with them on what's acceptable for Debian.