Tom Horsley wrote:
On Thu, 22 Feb 2007 19:49:51 -0500
Matthew Miller <mattdm@xxxxxxxxxx> wrote:
Err, what? That doesn't make any sense. The point is that the shared lib
requires one small update
One small update which could just as easily introduce a security problem
into every dynamically linked app as fix one.
Good point!
I have seen a recent problem with zlib crippling a high number of
packages because of a problem. (fixed by running ldconfig and fixed
quickly in the zlib package with the next update).
Some other poster referred to a security flaw when the lib was static
and within individual programs.
If the flaw does not change the interface ability to use the dynamic
library, it would be easier to only have to fix the problematic library.
If it changed the way programs need to interface with the library,
static or dynamic would both be a nightmare to resolve the issues.
I don't think this issue has much to do with ESR (whoever he may be, not
known by me.) though.
Jim
--
Excellent time to become a missing person.
