Am 25.05.2012 14:27, schrieb Pavel Ivanov: >> With regard to the second issue, several experienced people, including >> Richard Hipp, have expressed the opinion in more than one occasion >> that statically linking sqlite avoids some problems that can happen >> otherwise. > > OTOH, all people involved in supporting Linux distributions advocate > against static inclusion and for use of dynamic libraries all the time > so that if some bug or security vulnerability is fixed in SQLite it > could be easily updated for everybody by upgrading only one package. I > don't know though what they suggest to do if you need to use version > of SQLite newer than distribution is currently providing. > Well, it reduces the work for the Linux maintainers and some app developers are notoriously slow to fix security bugs upstream.
Guess it really depends on the target audience. For some library or other smaller app that is to be distributed with some popular Linux distro or to another environment where someone else is responsible for keeping the environment sane, it might make sense to do dynamic linking to a system library. If the other person that manages the environment fails, your app fails. If the other person does not update the libs you are stuck and can only file bugs and wait. But if you ship a major system, you really really want to keep your environment under control. More work, but saves you from insane bugs due to broken system libs and weird hacks around various system lib issues. If some lib is broken, just patch it and ship a fixed version. We typically run 'ldd' on all our libs and programs and match the external dependencies to an allowed list. Anything not in that list (which is usually tiny, stuff like libc) found in any library is considered a bug in our product and gets patched (usually by either disabling unnecessary dependencies at compile time or by shipping the really needed dependencies in a working version). So, if you can point to someone else (e.g. Linux distro maintainer) to fix issues with broken libs for you, fine. But if you must fix them yourself due to support contracts, you do not want to be forced to depend on those. Michael -- Michael Schlenker Software Architect CONTACT Software GmbH Tel.: +49 (421) 20153-80 Wiener Straße 1-3 Fax: +49 (421) 20153-41 28359 Bremen http://www.contact.de/ E-Mail: m...@contact.de Sitz der Gesellschaft: Bremen Geschäftsführer: Karl Heinz Zachries, Ralf Holtgrefe Eingetragen im Handelsregister des Amtsgerichts Bremen unter HRB 13215 _______________________________________________ sqlite-users mailing list sqlite-users@sqlite.org http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users
