Re: dh_shlibdeps in = warnings; dh_shlibdeps out = cyclic dependency on self
Justin Pryzby <justinpryzby@users.sourceforge.net> wrote:
> Could someone else also comment on how applications should deal with
> shared libraries which are not intended to be used by other programs?
If they aren't used by other programs, there's no need to produce a
library. Perhaps it's convienient to create static libraries during
compilation and link against these, but shared libraries are of no use.
Note that I wrote "if they aren't used by other programs". I didn't
write "if they are not intended to be used", this is a different thing.
If you have code in your project that fits other people's needs, they
are going to use it. If there is no shared library, they'll just copy
the code.
Don't let that happen. xpdf has let this happen, and it makes up a
medium-sized security nightmare: Everytime a security bug pops up in
xpdf (and it does frequently), a couple of packages which come with
their own particular version of that code have to be
- checked whether that version is vulnerable
- checked whether in that version the patch for current xpdf is
sufficient to fix the issue
- recompiled
So it doesn't hurt to prepare your software for being a shared libray,
and telling people that they should request that instead of copying your
code.
Regards, Frank
--
Frank Küster
Inst. f. Biochemie der Univ. Zürich
Debian Developer
Reply to: