Re: Fwd: Re: Why no Opera?

To: Lionel Elie Mamane <lionel@mamane.lu>
Cc: debian-devel@lists.debian.org, eddy@opera.com
Subject: Re: Fwd: Re: Why no Opera?
From: Roberto C. Sánchez <roberto@connexer.com>
Date: Thu, 6 Sep 2007 09:21:10 -0400
Message-id: <[🔎] 20070906132110.GZ14980@miami.connexer.com>
Mail-followup-to: Lionel Elie Mamane <lionel@mamane.lu>, debian-devel@lists.debian.org, eddy@opera.com
In-reply-to: <[🔎] 20070906122725.GA10779@capsaicin.mamane.lu>
References: <200709051025.23448.johanh@opera.com> <[🔎] E1ISsz4-0007fz-5k@whorl> <[🔎] 200709051516.08923.steffen_moeller@gmx.de> <[🔎] 20070905133814.GO14980@miami.connexer.com> <[🔎] 20070906122725.GA10779@capsaicin.mamane.lu>

On Thu, Sep 06, 2007 at 02:27:25PM +0200, Lionel Elie Mamane wrote:
> (Explicitly CCing Edward in the assumption he's not subscribed to this
> list. The message I'm answering to is at
> http://lists.debian.org/debian-devel/2007/09/msg00145.html . I'd like
> to be CCed an followups, although subscribed.)
> 
> On Wed, Sep 05, 2007 at 09:38:14AM -0400, Roberto C. Sánchez wrote:
> > On Wed, Sep 05, 2007 at 03:16:07PM +0200, Steffen Moeller wrote:
> >> On Wednesday 05 September 2007 13:23:46 Edward Welbourne wrote:
> 
> >>> I'm confused.  Pierre appears to be saying "static is bad", Bruce
> >>> "closed must be static".
> 
> >> There are multiple views on this.
> 
> > The problem runs a little deeper than that.
> 
> > Static linking is considered bad because it is a security
> > nightmare. You now have extra copies of library code floating
> > around. Dynamic linking is what the security team likes since it
> > means that you only update the code once for the whole system.
> > However, in the event that there is an update which makes the
> > library non-binary compatible, then there is another problem.  That
> > is, apps linking against it must be recompiled.  With a non-free
> > product like opera, there would be ability for some well-meaning
> 
> Roberto meant "would *not* be ability", I presume.
> 
Quite right.  My brain works faster than I can type.

> > Debian Developer to NMU the package (since there is no source) or
> > for a binNMU to take place if that could fix the problem.
> 
> (That is in the context of a security problem in a library,
> naturally.)
> 
> > Additionally, static linking destroys any memory utilization benefit of
> > library code. (...)
> 
> > One possible solution would be for Opera to produce a "source"
> > package of unlinked binary object files.  This would allow relinking
> > against new versions of the libraries (at least in most cases)
> > without the need for access to the source.
> 
> This is already legally required anyway, assuming you link with LGPL
> code: section 6 of LGPL 2.1. Putting it in a Debian "source package"
> would only put it in a most convenient form for your users.
> 
Right.  My point was that distributing it in such a fashion might
address some of the concerns (though not all, of course) about having
something like Opera even in non-free.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: Fwd: Re: Why no Opera?
  - From: Edward Welbourne <eddy@opera.com>

References:
- Re: Fwd: Re: Why no Opera?
  - From: Edward Welbourne <eddy@opera.com>
- Re: Fwd: Re: Why no Opera?
  - From: Steffen Moeller <steffen_moeller@gmx.de>
- Re: Fwd: Re: Why no Opera?
  - From: Roberto C. Sánchez <roberto@connexer.com>
- Re: Fwd: Re: Why no Opera?
  - From: Lionel Elie Mamane <lionel@mamane.lu>

Prev by Date: Re: Fwd: Re: Why no Opera?
Next by Date: Re: US mirror troubles
Previous by thread: Re: Fwd: Re: Why no Opera?
Next by thread: Re: Fwd: Re: Why no Opera?
Index(es):
- Date
- Thread