libgpg-error0 and libgcrypt11: static linking or move from /usr/lib to /lib?
Hey,
in the cryptsetup package we currently link statically against libgcrypt11
and libgpg-error0. cryptdisks is run before mountall.sh, thus we cannot
depend on libraries which are are located in /usr/lib. in many systems
/usr is a seperate partition.
static linking has been a good solution in the past, but from a security
point of view it should be avoided.
if libgcrypt11 and libgpg-error0 libraries would be moved from /usr/lib
to /lib, dynamical linking would be an option. that's how it seems to be
done in ubuntu:
https://bugs.launchpad.net/ubuntu/+source/libgcrypt11/+bug/139635
what do you think? should we ask libgcrypt11 and ligpg-error0 maintainers
to move the libraries to /lib, or is it better to stay with static linked
libraries?
greetings,
jonas
Reply to: