Re: raising an issue about static linking policy

[Ben Hutchings <ben@decadent.org.uk>]

On Fri, 2014-08-29 at 05:18 +0200, Kurt Roeckx wrote:
[...]
> - I really don't understand Linus' comment about the binary
>   compatibility.  The problem is that libgit does not provide
>   binary compatibility, while most libraries do try to provide
>   the ABI compatible and that we have various ways of dealing
>   with the problem if the ABI gets changed. *We* are not throwing
>   sanity away, we are trying to bring sanity.

If a distribution provides a shared library and the library ABI keeps
changing, any application that is built by the end user and linked to
the shared library will keep breaking and will need to be rebuilt.

But if we're packaging the application too, we would always rebuild the
package for an ABI change, and if it is statically linked to the library
we would want to rebuild it for *every* change to the library.

So if a library has an unstable ABI, dynamic linking is still slightly
preferable for packaged applications, but static linking is preferable
for unpackaged applications.  I think.

[...]
> - Static linking is a security nightmare, as are embedded copies
>   of libraries.  It creates additional work and it's not clear
>   which applications are all affected.

The Built-Using field should record that.

Ben.

-- 
Ben Hutchings
If you seem to know what you are doing, you'll be given more to do.