Subject: Re: pkgsrc sickness
To: Aaron J. Grier <agrier@poofygoof.com>
From: Greg A. Woods <woods@weird.com>
List: tech-pkg
Date: 08/21/2002 23:38:12
[ On Wednesday, August 21, 2002 at 15:25:39 (-0700), Aaron J. Grier wrote: ]
> Subject: Re: pkgsrc sickness
>
> On Wed, Aug 21, 2002 at 03:24:26PM -0400, Greg A. Woods wrote:
>
> > The better fix is to simply static-link any libraries provided by
> > other packages. Such programs not only have fewer run-time
> > dependencies, but they start up somewhat faster too (and a lot faster
> > if they're all static-linked! ;-).
>
> but in the case you really do indeed want to update a library systemwide
> due to security problems (a la openssl) is there an easy way to track
> down which versions of libraries the static programs were linked with?
Recompile. Or at least relink IFF you can guarantee the binary
compatability of your library's public interfaces. Build binary
packages and use them to upgrade muliple machines. If nobody can
guarantee the binary compatability then you have to recompile anyway,
regardless of whether you also do run-time linking or not.
This technique of using static linking has proven very effective and has
worked well for millions of people for several dozens of years now.
The drive to make everything under the sun dyamic all of the time is
foolish and misguided. Sometimes it might be a good idea, but I'm
beginning to re-discover that those times are far more rare than the
proponents of this kind of technology would seem to like us to believe.
Proper engineering seems to show that the performance and convenience
benefits of dynamic linking fall only within a rather narrow window, and
often the supposed convenience gains are way overridden by ongoing
performance costs.
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>