On Thu, Dec 04, 2025 at 12:31:42AM +0300, Alexey Egorov via Chicken-users wrote:
> > What is it that you don't like in the static linking solution?
>
> Uh, that was not an ideal choice of words. I don't dislike static
> linking, in fact I prefer it for simplicity, stability and general
> ease of use.
>
> The full story is, I want to package my software, some distros (e.g. Gentoo)
> discourage the use of static linking for security reasons, and while it's not
> forbidden to do so, I'd like to follow the guidelines as closely as possible.

I always thought those same distro guidelines also preferred to use centralized installation of dependencies. For example, in Debian if you install something like, say, Django it'll install python3-pytz, python3-python3-yaml etc in the system-wide package location. This also basically means you can only have one copy of each Python package installed.

Accepted best practices for Python software usually involve setting up a virtualenv and installing it locally in the directory of a project so you can control the exact Python packages and don't run into dependency hell due to clashes with the system-wide package, but distros completely disregard these best practices for ease of packaging and (like you say) security - upgrading one library fixes the security of all Python programs relying on that library.

I don't know Arch that well, but from a quick look at https://archlinux.org/packages/extra/any/python-django/ it seems to behave identically to Debian in this regard.

So if you do decide to deviate from this practice with your CHICKEN programs, I would suggest static linking of eggs is not meaningfully different. The only benefit you'd get from dynamic linking in a custom location is that you'd be able to get security updates for the system C libraries the eggs in your program depend on. But if the eggs themselves get a security update, your program would not automatically benefit from that.

Cheers,
Peter
