vulnerable zlib in testing?

Archaic archaic at linuxfromscratch.org
Sun Sep 12 20:18:25 PDT 2004


On Sun, Sep 12, 2004 at 07:31:41AM -0700, Kevin P. Fleming wrote:
> 
> This brings up an important point; I would like to see some text in the 
> books that tells the user when a package links itself against another 
> package's library _statically_.

But in this case, that would still only cover a small amount of the
problem since zlib code is in the source of many programs. That's when
whipping up a perl script to parse binaries comes in handy. Dep tracking
is insufficient and will always lag when dealing with moving targets
such as the LFS book.

-- 
Archaic

When all government ...in little as in great things... shall be drawn to
Washington as the center of all power; it will render powerless the
checks provided of one government on another, and will become as venal
and oppressive as the government from which we separated."

- Thomas Jefferson, 1821




More information about the lfs-dev mailing list