Jesse Keating (jkeating(a)redhat.com) said:
For the case where you have some shared, some static with matching
shared, and some static only:
If you put the static only in -devel, we can't reasonably detect all the
things that link against the static library. We'd have to investigate
anything that BRs the -devel package. If you put the static only in
with the other statics in -static you then have all the statics in the
chroot and run the risk that spot talks about of accidentally statically
linking to things that have shared alternatives.
The only way this can happen (AFAIK) is if they're linked by:
- explicitly listing %{_libdir}/libfoo.a on the link line
- explicitly passing -Wl,-bstatic
Either of these things should be auditable.
Bill