[tex-live] xdvipdfmx build problem
Florent Rougon
f.rougon at free.fr
Mon Oct 2 15:20:23 CEST 2006
Hi,
karl at freefriends.org (Karl Berry) wrote:
> Anyway, I think it would be better/safer to link in fontconfig
> statically, just as we do with almost everything else.
If you do that, please make it a configure option. The reason is, with
statically linked libraries, security support in big distros such as
Debian is a nightmare, because when there is a security problem in such
a library, we, Debian maintainers, have to:
1) find every single program that is statically linked with it;
2) check whether the statically linked version suffers from the
security problem;
3) if yes, patch it (which may be tricky because the available patches
don't necessarily apply to the particular version of the library
that was statically linked with); then, test and upload.
With dynamically linked libraries, you fix the security problem once in
the library pacakge, and you're done. The only thing needed is for the
admin to restart any program linked to the updated library (which also
has to be done with statically linked libraries, anyway).
--
Florent
More information about the tex-live
mailing list