On 16/01/2008 Reinhard Tartler wrote:
Jonas Meurer [EMAIL PROTECTED] writes:
cryptsetup is at least one binary in /sbin which depends on libgcrypt
and libgpg-error. If i got it right, that should be enough to move the
libs to /lib, correct?
Maybe I should file withlist bugs, and stop
Jonas Meurer [EMAIL PROTECTED] writes:
cryptsetup is at least one binary in /sbin which depends on libgcrypt
and libgpg-error. If i got it right, that should be enough to move the
libs to /lib, correct?
Maybe I should file withlist bugs, and stop building cryptsetup
statically as soon as
Roland Mas writes (Re: Bits from the Testing Security team):
I thought the ability to just copy one binary (/usr/bin/dpkg) from one
box to another and be able to use it right away was precisely the goal
of static linking in that case.
You still get that, unless the point was to play with new
Kurt Roeckx writes (Re: Bits from the Testing Security team):
Decompression is typicly something that is i/o bound, not cpu bound.
If the package is stored on disk and not in buffer cache. However, in
many cases the package will have been just downloaded and so on a big
memory machine like
Ian Jackson, 2007-10-17 15:00:55 +0100 :
[...]
And if there is no good reason to have the decompressors bound in
then having that facility wired into the code is just extra
complexity to no useful purpose.
I thought the ability to just copy one binary (/usr/bin/dpkg) from one
box to another
On Wed, Oct 17, 2007 at 03:00:55PM +0100, Ian Jackson wrote:
Indeed on modern multicore systems running the decompression in a
separate process allows it to be run on a separate CPU, in parallel to
the other processing done by dpkg proper. So it might be faster.
(I haven't done any
Jonas Meurer [EMAIL PROTECTED] writes:
Well, I would consider statically linking a non embedded (i.e. a packaged)
library a bug... Are there known cases where this is a required condition?
cryptsetup is statically linked against libgcrypt and libgpg-error, as
both are in /usr/lib, and
On Mon, Oct 15, 2007 at 08:02:15PM -0400, Roberto C. Sánchez wrote:
Anyway having a way to distinguish source-embedded by statically-linked
would be useful. IMHO the second case is almost always an error, but
for special cases (static linked shell for instance).
Additionally, packages
On 16/10/2007 Reinhard Tartler wrote:
Well, I would consider statically linking a non embedded (i.e. a packaged)
library a bug... Are there known cases where this is a required condition?
cryptsetup is statically linked against libgcrypt and libgpg-error, as
both are in /usr/lib, and
Nico Golde writes (Re: Bits from the Testing Security team):
quoting Adam Heath from #debian-devel:
Thanks for passing that on.
2007-10-15 18:07 eigood dpkg's configure has an option for using
shared libraries or static linking
2007-10-15 18:08 eigood for gzip
On Tue, Oct 16, 2007 at 02:34:36PM +0100, Ian Jackson wrote:
Nico Golde writes (Re: Bits from the Testing Security team):
quoting Adam Heath from #debian-devel:
Thanks for passing that on.
2007-10-15 18:07 eigood dpkg's configure has an option for using
shared
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
Embedded code copies
There are a number of packages including source code from external
libraries, for example poppler is included in xpdf, kpdf and others. To
ensure that we don't miss any
Hi Francesco,
* Francesco P. Lovergine [EMAIL PROTECTED] [2007-10-15 11:08]:
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
Embedded code copies
There are a number of packages including source code from external
libraries, for example poppler is
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
Embedded code copies
There are a number of packages including source code from external
libraries, for example poppler is included in xpdf, kpdf and others. To
ensure that we don't miss any vulnerabilities
On Mon, Oct 15, 2007 at 11:06:32AM +0200, Francesco P. Lovergine wrote:
On Sun, Oct 14, 2007 at 11:38:35PM +0200, Stefan Fritsch wrote:
Embedded code copies
There are a number of packages including source code from external
libraries, for example poppler is
On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote:
Yes true but in most cases the code base is nearly the same
and we can check this without knowing ;)
I wonder if in those special cases an Embed: source tag could be added in
debian/control to help tracking things.
That
On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote:
So, question, do you want to have reports also of missing pieces of
statically linked code snippets in that list?
On request of Steffen Joeris I'm following up here with a chat log
between we two:
(15:34:40) white: hi
Hi Francesco,
* Francesco P. Lovergine [EMAIL PROTECTED] [2007-10-15 16:05]:
On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote:
Yes true but in most cases the code base is nearly the same
and we can check this without knowing ;)
I wonder if in those special cases an Embed:
Nico Golde escreveu:
Hi Francesco,
* Francesco P. Lovergine [EMAIL PROTECTED] [2007-10-15 16:05]:
On Mon, Oct 15, 2007 at 11:20:02AM +0200, Nico Golde wrote:
Yes true but in most cases the code base is nearly the same
and we can check this without knowing ;)
I wonder if in
On Mon, Oct 15, 2007 at 04:17:35PM +0200, Nico Golde wrote:
I wonder if in those special cases an Embed: source tag could be
added in
debian/control to help tracking things.
That would be a nice thing, also if this would include
information if the code is really included or
Nico Golde writes (Re: Bits from the Testing Security team):
Yes, dpkg for example links statically against libbz2 and zlib just to
pick a famous example.
IMO this is a mistake, and I hope it will be reversed soon ...
Ian.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject
Hi Ian,
* Ian Jackson [EMAIL PROTECTED] [2007-10-15 19:59]:
Nico Golde writes (Re: Bits from the Testing Security team):
Yes, dpkg for example links statically against libbz2 and zlib just to
pick a famous example.
IMO this is a mistake, and I hope it will be reversed soon ...
quoting
On Mon, Oct 15, 2007 at 08:48:02PM +0200, Nico Golde wrote:
Hi Ian,
* Ian Jackson [EMAIL PROTECTED] [2007-10-15 19:59]:
Nico Golde writes (Re: Bits from the Testing Security team):
Yes, dpkg for example links statically against libbz2 and zlib just to
pick a famous example.
IMO
On Mon, Oct 15, 2007 at 09:08:06PM +0200, Kurt Roeckx wrote:
On Mon, Oct 15, 2007 at 08:48:02PM +0200, Nico Golde wrote:
Hi Ian,
* Ian Jackson [EMAIL PROTECTED] [2007-10-15 19:59]:
Nico Golde writes (Re: Bits from the Testing Security team):
Yes, dpkg for example links statically
On 2007-10-15, Stefano Zacchiroli [EMAIL PROTECTED] wrote:
--MGYHOYXEY6WxJCY8
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Oct 15, 2007 at 11:29:16AM +0200, Stefano Zacchiroli wrote:
So, question, do you want to
On Mon, Oct 15, 2007 at 08:40:01PM +0200, Moritz Muehlenhoff wrote:
On 2007-10-15, Stefano Zacchiroli [EMAIL PROTECTED] wrote:
So, question, do you want to have reports also of missing pieces of
statically linked code snippets in that list?
Yes, this list has always included apps linking
On Tue, Oct 16, 2007 at 12:20:52AM +0200, Francesco P. Lovergine wrote:
On Mon, Oct 15, 2007 at 08:40:01PM +0200, Moritz Muehlenhoff wrote:
On 2007-10-15, Stefano Zacchiroli [EMAIL PROTECTED] wrote:
So, question, do you want to have reports also of missing pieces of
statically linked code
On 15/10/2007 Francesco P. Lovergine wrote:
I wonder if in those special cases an Embed: source tag could be added
in
debian/control to help tracking things.
That would be a nice thing, also if this would include
information if the code is really included or just
statically
28 matches
Mail list logo