On 09/12/2016 01:42 PM, Jakub Wilk wrote: > * Bálint Réczey <balint@balintreczey.hu>, 2016-09-12, 13:21: >>> Reading up on the subject so far, I got the impression that most >>> static libraries should be built with PIE, but not necessarily PIC >>> (to allow building PIE(xecutable)s, but discourage creating shared >>> libraries from those static ones.) > > How does it discourage creating shlibs? AFAIUI it's impossible to build a PIC-enabled shared library from a PIE-enabled static one. That may be an intentional effect (from a packager's view). Granted, building a non-PIC shared library would still be possible from that static library, I guess, so this isn't bullet-proof. However, using a static library to build a shared one hopefully isn't a terribly frequent use case, anyways (in most cases you should better just use the original shared library). (This argument had nothing to do with shipping shared vs static libraries in Debian packages, nor the fact that we often have to compile things twice.) I guess my point mainly is that for static libraries, I currently see valid use cases for all of the three variants: no-nothing-enabled, PIE and PIC. Justification for the first case seems to vanish with time, while the policy currently mandates it (modulo discussion on this list). Regards Markus Wanner
Attachment:
signature.asc
Description: OpenPGP digital signature