Bug#555980: debian-policy: No policy on statically linked binaries
Bill Allombert <ballombe@debian.org> writes:
> On Sun, Nov 15, 2009 at 06:00:13PM -0800, Russ Allbery wrote:
>> This is the case that we're talking about here. In other words,
>> *entirely* static binaries. What you get with gcc -static.
> Thus I propose the attached patch.
> (I used 'must' instead of 'should' since the FTP masters are rejecting
> such packages). I explicitly mentioned the GNU C libraries.
> Binaries linked with some other C libraries are a completely different
> kind of fish.
Something of a pet peeve of mine in standards language is to have an
absolute requirement ("must") with a somewhat vague and subjective
exception. It's not that this is wrong, per se, but I feel like the
subjective exception and the absolute requirement cancel each other out.
Usually I argue for relaxing it to a should. In this case, I think we can
flesh out the exception somewhat better and preserve the must.

    Binary executables must not be statically linked with the GNU C
    library, since this prevents the binary from benefiting from
    fixes and improvements to the C library without being rebuilt
    and complicates security updates. This requirement may be
    relaxed for binary executables whose intended purpose is to
    diagnose and fix the system in situations where the GNU C
    library may not be usable (such as system recovery shells or
    utilities like ldconfig) or for binary executables where the
    security benefits of static linking outweigh the drawbacks.

--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>