Re: dh_shlibdeps in = warnings; dh_shlibdeps out = cyclic dependency on self
On 9/6/05, Frank Küster <frank@debian.org> wrote:
> Justin Pryzby <justinpryzby@users.sourceforge.net> wrote:
>
> > Could someone else also comment on how applications should deal with
> > shared libraries which are not intended to be used by other programs?
>
> If they aren't used by other programs, there's no need to produce a
> library. Perhaps it's convienient to create static libraries during
> compilation and link against these, but shared libraries are of no use.
there are two executables in the resulting package: qingy and
qingy-DirectFB, so probably the library is a good choice (but in the
same package.
> Note that I wrote "if they aren't used by other programs". I didn't
> write "if they are not intended to be used", this is a different thing.
> If you have code in your project that fits other people's needs, they
> are going to use it. If there is no shared library, they'll just copy
> the code.
>
> Don't let that happen. xpdf has let this happen, and it makes up a
> medium-sized security nightmare: Everytime a security bug pops up in
> xpdf (and it does frequently), a couple of packages which come with
> their own particular version of that code have to be
>
> - checked whether that version is vulnerable
>
> - checked whether in that version the patch for current xpdf is
> sufficient to fix the issue
>
> - recompiled
>
> So it doesn't hurt to prepare your software for being a shared libray,
> and telling people that they should request that instead of copying your
> code.
>
> Regards, Frank
> --
> Frank Küster
> Inst. f. Biochemie der Univ. Zürich
> Debian Developer
>
>
--
Regards,
EddyP
=============================================
"Imagination is more important than knowledge" A.Einstein
Reply to: