[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Fwd: Re: Why no Opera?

(Explicitly CCing Edward in the assumption he's not subscribed to this
list. The message I'm answering to is at
http://lists.debian.org/debian-devel/2007/09/msg00145.html . I'd like
to be CCed an followups, although subscribed.)

On Wed, Sep 05, 2007 at 09:38:14AM -0400, Roberto C. Sánchez wrote:
> On Wed, Sep 05, 2007 at 03:16:07PM +0200, Steffen Moeller wrote:
>> On Wednesday 05 September 2007 13:23:46 Edward Welbourne wrote:

>>> I'm confused.  Pierre appears to be saying "static is bad", Bruce
>>> "closed must be static".

>> There are multiple views on this.

> The problem runs a little deeper than that.

> Static linking is considered bad because it is a security
> nightmare. You now have extra copies of library code floating
> around. Dynamic linking is what the security team likes since it
> means that you only update the code once for the whole system.
> However, in the event that there is an update which makes the
> library non-binary compatible, then there is another problem.  That
> is, apps linking against it must be recompiled.  With a non-free
> product like opera, there would be ability for some well-meaning

Roberto meant "would *not* be ability", I presume.

> Debian Developer to NMU the package (since there is no source) or
> for a binNMU to take place if that could fix the problem.

(That is in the context of a security problem in a library,

> Additionally, static linking destroys any memory utilization benefit of
> library code. (...)

> One possible solution would be for Opera to produce a "source"
> package of unlinked binary object files.  This would allow relinking
> against new versions of the libraries (at least in most cases)
> without the need for access to the source.

This is already legally required anyway, assuming you link with LGPL
code: section 6 of LGPL 2.1. Putting it in a Debian "source package"
would only put it in a most convenient form for your users.

> However, I tend to be in agreement with others on this list that the
> best solution would be a Free software release of Opera.

AOL, obviously ;-)


Reply to: