Tom Horsley wrote:
On Thu, 22 Feb 2007 19:49:51 -0500 Matthew Miller mattdm@mattdm.org wrote:
Err, what? That doesn't make any sense. The point is that the shared lib requires one small update
One small update which could just as easily introduce a security problem into every dynamically linked app as fix one.
Good point!
I have seen a recent problem with zlib crippling a high number of packages because of a problem. (fixed by running ldconfig and fixed quickly in the zlib package with the next update). Some other poster referred to a security flaw when the lib was static and within individual programs. If the flaw does not change the interface ability to use the dynamic library, it would be easier to only have to fix the problematic library. If it changed the way programs need to interface with the library, static or dynamic would both be a nightmare to resolve the issues.
I don't think this issue has much to do with ESR (whoever he may be, not known by me.) though.
Jim