vulnerable zlib in testing?

Archaic archaic at
Sun Sep 12 20:18:25 PDT 2004

On Sun, Sep 12, 2004 at 07:31:41AM -0700, Kevin P. Fleming wrote:
> This brings up an important point; I would like to see some text in the 
> books that tells the user when a package links itself against another 
> package's library _statically_.

But in this case, that would still only cover a small amount of the
problem since zlib code is in the source of many programs. That's when
whipping up a perl script to parse binaries comes in handy. Dep tracking
is insufficient and will always lag when dealing with moving targets
such as the LFS book.


When all government little as in great things... shall be drawn to
Washington as the center of all power; it will render powerless the
checks provided of one government on another, and will become as venal
and oppressive as the government from which we separated."

- Thomas Jefferson, 1821

More information about the lfs-dev mailing list