Re: Bits from the Testing Security team
On Mon, Oct 15, 2007 at 09:08:06PM +0200, Kurt Roeckx wrote:
> On Mon, Oct 15, 2007 at 08:48:02PM +0200, Nico Golde wrote:
> > Hi Ian,
> > * Ian Jackson <ian@davenant.greenend.org.uk> [2007-10-15 19:59]:
> > > Nico Golde writes ("Re: Bits from the Testing Security team"):
> > > > Yes, dpkg for example links statically against libbz2 and zlib just to
> > > > pick a famous example.
> > >
> > > IMO this is a mistake, and I hope it will be reversed soon ...
> >
> > quoting Adam Heath from #debian-devel:
> > 2007-10-15 18:07 <eigood> dpkg's configure has an option for using shared libraries or static linking
> > 2007-10-15 18:08 <eigood> for gzip, it can do a static library link, a dynamic library link, or a runtime fork/exec of gzip
> > 2007-10-15 18:08 <eigood> afaicr, when I did the patch
> > 2007-10-15 18:10 <eigood> the real reason, is dpkg used to only fork/exec gzip
> > 2007-10-15 18:11 <eigood> for efficiency, I gave it an option to link to zlib
> > 2007-10-15 18:11 <eigood> however, I didn't want to introduce another dependency into the base system
> > 2007-10-15 18:11 <eigood> so I made it link statically
>
> Current priority required pacakges having a (pre) depends on zlib1g:
> - util-linux
>
> Priority important:
> - gnupg
> - gpgv
> - libgnutls13
> - libopencdk10
> - libopencdk8
> - libssl0.9.8
> - man-db
>
> Standard:
> - libmagic1
> - openssh-client
> - pciutils
> - w3m
The same for libbz2-1.0 only returns gnupg.
Kurt
Reply to: