X-Git-Url: https://git.donarmstrong.com/?a=blobdiff_plain;f=policy.sgml;h=4855506e6105556bc6db756e712ed4f849dcbc68;hb=3c725b9d2af39ac3a7e24b7d9eb374a48c5b6893;hp=fa0a390cf08308c5ed2c57886845ec64e9a66d18;hpb=a455d2387d8ef592eca042366eed6247ab0d587d;p=debian%2Fdebian-policy.git

diff --git a/policy.sgml b/policy.sgml
index fa0a390..4855506 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -3673,7 +3673,7 @@ Files:
 	  <p>
 	    The special value <tt>byhand</tt> for the section in a
 	    <tt>.changes</tt> file indicates that the file in question
-	    is not an ordinary package file and must by installed by
+	    is not an ordinary package file and must be installed by
 	    hand by the distribution maintainers.  If the section is
 	    <tt>byhand</tt> the priority should be <tt>-</tt>.
 	  </p>
@@ -8466,7 +8466,17 @@ fi
 	  renamed.  If a consensus cannot be reached, <em>both</em>
 	  programs must be renamed.
 	</p>
-
+	<p>
+          Binary executables must not be statically linked with the GNU C
+          library, since this prevents the binary from benefiting from
+          fixes and improvements to the C library without being rebuilt
+          and complicates security updates.  This requirement may be
+          relaxed for binary executables whose intended purpose is to
+          diagnose and fix the system in situations where the GNU C
+          library may not be usable (such as system recovery shells or
+          utilities like ldconfig) or for binary executables where the
+          security benefits of static linking outweigh the drawbacks.
+	</p>
 	<p>
          By default, when a package is being built, any binaries
          created should include debugging information, as well as