X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;fp=policy.sgml;h=c5fd30586c505a1805f90e2d9b833ae2cf4a1c2e;hb=312f351bf076b8092b62a2c997ec148786fb46f6;hp=fa0a390cf08308c5ed2c57886845ec64e9a66d18;hpb=a455d2387d8ef592eca042366eed6247ab0d587d;p=debian%2Fdebian-policy.git

diff --git a/policy.sgml b/policy.sgml
index fa0a390..c5fd305 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -8466,7 +8466,17 @@ fi
 	  renamed.  If a consensus cannot be reached, <em>both</em>
 	  programs must be renamed.
 	</p>
-
+	<p>
+          Binary executables must not be statically linked with the GNU C
+          library, since this prevents the binary from benefiting from
+          fixes and improvements to the C library without being rebuilt
+          and complicates security updates.  This requirement may be
+          relaxed for binary executables whose intended purpose is to
+          diagnose and fix the system in situations where the GNU C
+          library may not be usable (such as system recovery shells or
+          utilities like ldconfig) or for binary executables where the
+          security benefits of static linking outweigh the drawbacks.
+	</p>
 	<p>
          By default, when a package is being built, any binaries
          created should include debugging information, as well as