On Jan 10, 2018, at 14:49, Jan Stary wrote: > On Jan 09 09:40:23, Blair Zajac wrote: >> https://boringssl.googlesource.com/boringssl/ >> >> "Although BoringSSL is an open source project, it is not intended for >> general use, as OpenSSL is. We don't recommend that third parties depend >> upon it. Doing so is likely to be frustrating because there are no >> guarantees of API or ABI stability.” >> >> If projects link statically against an SSL library, then BoringSSL maybe >> fine, but probably not as a shared library used by many packages. > > As opposed to a static library used by many packages?
Ideally, ports should not link with static libraries; they should link with dynamic libraries. That way they receive bug fixes as soon as the port that provides the library is updated.