[linux-elitists] distributing software securely (was: DJB ruckus du jour)
Thu Nov 14 10:07:45 PST 2002
commence Magnus Bodin quotation:
> On Thu, Nov 14, 2002 at 07:55:18AM -0800, john spurling wrote:
>> > And draw your own conclusions about external dependencies and the
>> > minimization of risk.
>> djb did not invent static linking. behold:
> I checked the code. djbdns is not linked statically.
> It simply uses fewer external libraries.
> So the conclusion is?
Many of the "extra" libraries are ISC-provided and therefore not
exactly "external". Looking at the Debian package info, it seems that
these libraries are in fact part of the bind9 source.
$ apt-cache show liblwres1 libdns5 libisc4 libisccc0 libisccfg0 \
| grep ^Source | uniq
liblwres.so.1 => /usr/lib/liblwres.so.1 (0x40026000)
libdns.so.5 => /usr/lib/libdns.so.5 (0x40034000)
libisccfg.so.0 => /usr/lib/libisccfg.so.0 (0x401e4000)
libisccc.so.0 => /usr/lib/libisccc.so.0 (0x401f3000)
libisc.so.4 => /usr/lib/libisc.so.4 (0x401fb000)
The rest of the libraries are part of glibc.
[|] Sean Neakums | Questions are a burden to others;
[|] <email@example.com> | answers a prison for oneself.
More information about the linux-elitists