On 2/10/20 5:02 AM, Felixoid via aur-general wrote: > Hello, dear TUs and Arch developers. > > I'd like to ask relative the package clickhouse-static[1]. The > officially supported way to build ClickHouse binaries is static > linking[2]. And my question: is it possible that the package with the > current building structure (getting contribs like submodules in > upstream, static linking etc.) would theoretically come to [community] > repository?
"upstream recommends using vendored static linking" is not an acceptable reason to violate the packaging guidelines. The program *must* build using the system versions of the 46 dependencies listed in the -static package, and the pkgname must be "clickhouse", not "clickhouse-static", in order to be moved to community; this is part of the "quality of life" care which defines a Trusted User's job. Among other things, this ensures that the openssl and libcurl versions used are the latest versions which are tracked on the security tracker and patched with security backports if needed -- something which is understandably important for anything that is communicating over the network. Also, libxml2 from 2 years ago, which is a bit ouch because xml is not exactly the least-exploited data format ever. Even linux distributions which build statically by default, will expect that the program link to the system's lib*.a static library packages rather than build a custom one. -- Eli Schwartz Bug Wrangler and Trusted User
signature.asc
Description: OpenPGP digital signature
