2018-03-08 16:40 GMT+01:00 Michał Górny : > Hello, developers. > > I would like to bring to your attention an alarming trend in Gentoo > ebuilds -- the proliferation of IUSE=static-libs, that is a flag > allowing our users to build static libraries. > > I should like to remind you that static linking is almost always a bad > idea. It has serious security implications, it is poorly supported on > *nix systems (example: library dependencies are provided via hacks, we > don't have proper rebuild capabilities) and should be basically > considered a great evil. Partially relevant doc: [1]. > > This is why Gentoo does not generally support statically linking stuff, > and we force dynamic linking whenever possible (sometimes even going too > far with that but that's another story). We only allow static linking > for special cases where shared linking can't be used for one reason > or another. > > As part of that we also shouldn't deliver static libraries unless > absolutely necessary to satisfy the dependencies of applications which > we support built statically. Back in the day, Gentoo developers were > pushing against packages that built static libraries unconditionally. > However, it seems that at some point this front changed from 'fighting > unconditionally built static libraries' to 'proliferating USE=static- > libs everywhere'. Which is bad. > > So, developers, please *stop adding USE=static-libs* to random libraries > that have no reason whatever to be statically linked to. And by that I > mean a good reason, not creeping featurism, not 'user asked for it', not > 'this broken package hardcodes libfoo.a'. > this would make impossible to use qemu static with binfmt alas https://wiki.debian.org/QemuUserEmulation Also looking for which packages are eligible for static libraries or not is more work, not less, because it's a whole different layer of dependancies (when doing the qemu stuff I just decided to build static for everything rather than manage use flags per package)