Re: Bits from the Testing Security team
On 16/10/2007 Reinhard Tartler wrote:
> >> Well, I would consider statically linking a non embedded (i.e. a packaged)
> >> library a bug... Are there known cases where this is a required condition?
> > cryptsetup is statically linked against libgcrypt and libgpg-error, as
> > both are in /usr/lib, and relying on a mounted /usr is not an option for
> > cryptsetup.
> What are the reasons not to move openssl, libgcrypt and libgpg-error
> from /usr to /?
I don't know, but according to FHS they should be moved:
"The /lib directory contains those shared library images needed to boot
the system and run the commands in the root filesystem, i.e. by binaries
in /bin and /sbin." 
"/usr/lib includes object files, libraries, and internal binaries that
are not intended to be executed directly by users or shell scripts." 
cryptsetup is at least one binary in /sbin which depends on libgcrypt
and libgpg-error. If i got it right, that should be enough to move the
libs to /lib, correct?
Maybe I should file withlist bugs, and stop building cryptsetup
statically as soon as the libs have been moved...