My recommendation is that we talk to the security team. The biggest disadvantage of all these static libs running around is the number of packages they need to do security updates for. We could ask them about whether it's better to have:
1) no static aide 2) a static libcurl with less functionality, so aide needs to get libcurl security updates but not krb5 security updates 3) A static aide with libcurl and somewhat crippled Kerberos meaning that aide needs to get libcurl and krb5 updates. In addition libcurl might potentially need to get rebuilt on Kerberos security updates. I'm happy to go along with whatever they are comfortable with. I'd stick the static libs probably in a libkrb5-static package. --Sam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
