Control: retitle -1 fmtlib: static library should be compiled with -fPIC Control: tags -1 + confirmed pending
Hello, On 09.10.2017 15:15, Boyuan Yang wrote: > I saw that your recommendation is to use the static library provided. I think > that may not be best practice. I agree it's not. However, fmtlib changed its major version 4 times in the last 2½ years, so considering its small size and relative unstability (so far) the package doesn't provide a shared library right now. In version 4 there are less breaking changes than before, so I'll re-evaluate whether to add a shared library later in the release cycle. > As you might already know, Debian don't really recommend using static > libraries. Especially after the beginning of hardening efforts in Debian [2], > using static libraries while building hardened binaries will encounter > problem > that the static library is not built with -fPIC. This is the current case for > fcitx5 using fmtlib. Good point. The code should be definitely built with -fPIC. Thank you for the report, will be fixed in the next upload. Regards, -- Eugene V. Lyubimkin aka JackYF C++ GNU/Linux userspace developer, Debian Developer