lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]


On Sun, Jul 06, 2014 at 06:24:03PM -0400, Sean Conner wrote:
>   So, why do distributions like shared libraries again?

The answer is simple.  Maintenance.  A shared object is useful to shares
bugs!

Let's imagine that a widespread piece of software is found to be buggy.
In a bad way.  Let's pick an example, not so hypothetical.  Openssl.
If your system ships openssl as a shared library, you update 1 package,
you push it to your mirrors, and you are relieved.
If you statically link openssl, 10 years later your system has still
some some vulnerable apps.
These things happen for real, they happen even with libraries that have
always been there, like zlib.  And a few years ago it took a very big
company *years* to fix it, just because they were making an exception
for it and they were statically linking it.

It may not be an issue for an ambedded system that ships 10 binaries,
you recompile all of them, you build a firmware image... you do that for
every product you have... a pain, but maybe you can live with it.

You simply can't scale if you ship 30K packages; just recompiling them
may take weeks one some architectures :-(

>   But shouldn't a distribution take care to make sure everything is handled
> properly and not break?  I'm confused here.

That is exactly what I'm trying to achieve.
-- 
Enrico Tassi