Summary/Minutes from today's FESCo Meeting (2015-10-07)

Adam Jackson ajax at redhat.com
Mon Oct 12 14:18:56 UTC 2015


On Sat, 2015-10-10 at 01:51 +0200, Kevin Kofler wrote:

> * Scanning binary packages for conflicting symbols does not work either
>   because they are only a problem if the conflicting libraries get dragged
>   into the same executable at runtime.

You can compute this statically.  You know the DT_NEEDED tree for every
dynamic object.  For applications that don't call dlopen (themselves or
in their dependencies), that's good enough, any instance of two
conflicting libraries in the same tree is a bug.  For callers of dlopen
you also add every possible plugin they might load to the tree.  In any
case you may get false positives, but you'll get no false negatives.

The rest of your argument reduces to "we haven't written the tool to do
that yet", which, fair enough, but we're talking maybe 500 lines of
Python, and an optional and small amount of package metadata to trim
the false-positive tree for dlopen.  If you consider that scale of
problem to be a "giant scary minefield" I'm not sure we have common
grounds for communication.

- ajax
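
A sketch of the static check described in the message above, added here as an illustration; it is not part of the original message and is not an existing Fedora tool. The object names, symbol sets, and the "plugins" field (standing in for the optional dlopen metadata) are constructed; a real run would fill them from each object's DT_NEEDED entries and exported dynamic symbols.

```python
from collections import defaultdict

# Constructed sample metadata (not from any real package set). "needed" mirrors
# DT_NEEDED, "defines" the exported dynamic symbols, and "plugins" is the
# hypothetical per-package list of objects the program may dlopen.
OBJECTS = {
    "app-a": {"needed": ["libfoo.so.1", "libbar.so.2"], "defines": set()},
    "app-b": {"needed": ["libfoo.so.1"], "defines": set(),
              "plugins": ["plugin-x.so"]},
    "app-c": {"needed": ["libbar.so.2"], "defines": set()},
    "libfoo.so.1": {"needed": ["libz-bundled.so"], "defines": {"foo_init"}},
    "libbar.so.2": {"needed": ["libz.so.1"], "defines": {"bar_init"}},
    "libz.so.1": {"needed": [], "defines": {"inflate", "deflate"}},
    "libz-bundled.so": {"needed": [], "defines": {"inflate", "deflate"}},
    "plugin-x.so": {"needed": ["libz.so.1"], "defines": {"plugin_entry"}},
}

def closure(root, objects, with_plugins=True):
    """Every known object that can end up in root's process image."""
    seen, stack = set(), [root]
    while stack:
        name = stack.pop()
        if name in seen or name not in objects:
            continue  # already visited, or outside the scanned set
        seen.add(name)
        meta = objects[name]
        stack.extend(meta["needed"])
        if with_plugins:
            # Over-approximate dlopen: assume every listed plugin is loaded.
            stack.extend(meta.get("plugins", []))
    return seen

def conflicts(root, objects, with_plugins=True):
    """Map symbol -> sorted objects defining it, for symbols defined twice or more."""
    owners = defaultdict(set)
    for name in closure(root, objects, with_plugins):
        for sym in objects[name]["defines"]:
            owners[sym].add(name)
    return {s: sorted(o) for s, o in owners.items() if len(o) > 1}

if __name__ == "__main__":
    for exe in ("app-a", "app-b", "app-c"):
        print(exe, conflicts(exe, OBJECTS) or "clean")
```

Here app-b is only flagged once its plugin is added to the tree, which is the dlopen over-approximation the message describes: it can produce false positives but will not miss a conflict among the objects listed.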

