Re: PW#5-11: Policy on stripping static libraries
joost@rulcmc.leidenuniv.nl (joost witteveen) writes:
> Sometimes one hears people say they need static binaries for security
> reasons
Static libraries are useful when you want to compile something for
people that might not be using a Debian system.
For example, I've recently heard that the Redhat maintainer of
libreadline decided to name it libreadline3 instead of libreadline2.1.
If I wanted to compile some software that used libreadline, I had
better statically link if I want everybody to be able to use it.
We should continue to provide static libraries. We really shouldn't
worry about the extra space they want. Hard drives are really cheap,
and static libraries are small (for example, my /usr/lib/*.a are an
average size of 357k).
With that said, there are several suggestions here for what to do with
the -dbg libraries. I'll try to summarize them.
1) Leave the symbols in the static libraries.
Advangages - very simple.
Disadvantages - -dbg code can't be coded in a special way (more
output, more checks), need to download source and use directory
command to tell gdb where it is.
2) Fabrizio's proposal
Advantages - gdb finds code easily, User doesn't have to download
code as a seperate file, code can be compiled with special checking
flags.
Disadvantages - wastes space on the ftp site, though since very few
libraries provide -dbg (which is fine), it's not much space.
Building -dbg libraries is (and will continue to be) optional. The
problem is that there are several different methods currently used. I
think we should hash out some policy so that all packages at least use
the same method.
Guy
Reply to: