Re: dh_shlibdeps in = warnings; dh_shlibdeps out = cyclic dependency on self
On 9/6/05, Frank Küster <firstname.lastname@example.org> wrote:
> Justin Pryzby <email@example.com> wrote:
> > Could someone else also comment on how applications should deal with
> > shared libraries which are not intended to be used by other programs?
> If they aren't used by other programs, there's no need to produce a
> library. Perhaps it's convienient to create static libraries during
> compilation and link against these, but shared libraries are of no use.
there are two executables in the resulting package: qingy and
qingy-DirectFB, so probably the library is a good choice (but in the
> Note that I wrote "if they aren't used by other programs". I didn't
> write "if they are not intended to be used", this is a different thing.
> If you have code in your project that fits other people's needs, they
> are going to use it. If there is no shared library, they'll just copy
> the code.
> Don't let that happen. xpdf has let this happen, and it makes up a
> medium-sized security nightmare: Everytime a security bug pops up in
> xpdf (and it does frequently), a couple of packages which come with
> their own particular version of that code have to be
> - checked whether that version is vulnerable
> - checked whether in that version the patch for current xpdf is
> sufficient to fix the issue
> - recompiled
> So it doesn't hurt to prepare your software for being a shared libray,
> and telling people that they should request that instead of copying your
> Regards, Frank
> Frank Küster
> Inst. f. Biochemie der Univ. Zürich
> Debian Developer
"Imagination is more important than knowledge" A.Einstein