[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: dh_shlibdeps in = warnings; dh_shlibdeps out = cyclic dependency on self

On 9/6/05, Frank Küster <frank@debian.org> wrote:
> Justin Pryzby <justinpryzby@users.sourceforge.net> wrote:
> > Could someone else also comment on how applications should deal with
> > shared libraries which are not intended to be used by other programs?
> If they aren't used by other programs, there's no need to produce a
> library.  Perhaps it's convienient to create static libraries during
> compilation and link against these, but shared libraries are of no use.

there are two executables in the resulting package: qingy and
qingy-DirectFB, so probably the library is a good choice (but in the
same package.

> Note that I wrote "if they aren't used by other programs".  I didn't
> write "if they are not intended to be used", this is a different thing.
> If you have code in your project that fits other people's needs, they
> are going to use it.  If there is no shared library, they'll just copy
> the code.
> Don't let that happen.  xpdf has let this happen, and it makes up a
> medium-sized security nightmare: Everytime a security bug pops up in
> xpdf (and it does frequently),  a couple of packages which come with
> their own particular version of that code have to be
> - checked whether that version is vulnerable
> - checked whether in that version the patch for current xpdf is
>   sufficient to fix the issue
> - recompiled
> So it doesn't hurt to prepare your software for being a shared libray,
> and telling people that they should request that instead of copying your
> code.
> Regards, Frank
> --
> Frank Küster
> Inst. f. Biochemie der Univ. Zürich
> Debian Developer

"Imagination is more important than knowledge" A.Einstein

Reply to: