[openssl-project] To use or not use the iconv API, and to use or not use other libraries

Kurt Roeckx kurt at roeckx.be
Thu Jun 7 21:06:15 UTC 2018


On Thu, Jun 07, 2018 at 12:07:34PM -0500, Benjamin Kaduk wrote:
> On Thu, Jun 07, 2018 at 05:55:27PM +0200, Andy Polyakov wrote:
> > > Regarding general use of other libraries, please think carefully before voting, 'cause this *is* tricky. If you have a look, you will see that we *currently* depend on certain standard libraries, such as, for example, libdl.
> > 
> > One has to recognize that each dependency has to be justified. Sometimes
> > you don't have a choice. For example if you want to talk network on
> > Solaris, you have to link with -lsocket -lnsl. It's just part of the
> > game. But in cases one has a choice, well, one has a choice to *make*.
> > And key question is how do you anchor it. It's only natural to have as
> > little dependencies as possible, so question is what would justify extra
> > dependency.
> 
> Taking off on a bit of a tangent, how much justification did we go
> through when adding pthreads as a dependency.  I have not been
> following very much (Kurt would know more), but apparently in Debian
> there are some issues regarding (statically linked?) applications
> and libraries that use libcrypto but do not explicitly link with
> -pthread.  "Issues" here being, IIRC, crashes at runtime.

I haven't really followed it, I just saw some mentionng of it on
IRC. At least static linkig glibc itself is complicated. I guess
it's also complicated because libc itself contains stubs for the
pthread functions, so at least the order of the libraries will be
important when linking staticly. But I didn't read anything about
crashes, I might have missed things.


Kurt



More information about the openssl-project mailing list