Seconded: Damyan Ivanov <dmn@debian.org>
Closes: #748479
* Policy: Grant an FHS exception for the multiarch headers directories
- Wording Bill Allombert <ballombe@debian.org>
+ Wording: Bill Allombert <ballombe@debian.org>
Seconded: Jonathan Nieder <jrnieder@gmail.com>
Seconded: Russ Allbery <rra@debian.org>
Closes: #742756
+ * Policy: Discourage statically linked binaries
+ Wording: Russ Allbery <rra@debian.org>
+ Seconded: Bill Allombert <ballombe@debian.org>
+ Seconded: Jonathan Nieder <jrnieder@gmail.com>
+ Closes: #555980
* Packaging: refreshed the names of the Policy Editors.
[ Jonathan Nieder ]
renamed. If a consensus cannot be reached, <em>both</em>
programs must be renamed.
</p>
-
+ <p>
+ Binary executables must not be statically linked with the GNU C
+ library, since this prevents the binary from benefiting from
+ fixes and improvements to the C library without being rebuilt
+ and complicates security updates. This requirement may be
+ relaxed for binary executables whose intended purpose is to
+ diagnose and fix the system in situations where the GNU C
+ library may not be usable (such as system recovery shells or
+ utilities like ldconfig) or for binary executables where the
+ security benefits of static linking outweigh the drawbacks.
+ </p>
<p>
By default, when a package is being built, any binaries
created should include debugging information, as well as
<item>The FHS requirement for <file>/usr/local/lib64</file> to exist
if <file>/lib64</file> or <file>/usr/lib64</file> exists is removed.
</item>
-<tag>9.1.1</tag>
+<tag>9.1</tag>
<item> An FHS exception has been granted for multiarch include files,
permitting header files to instead be installed to
<file>/usr/include/triplet</file>.
</item>
+<tag>10.1</tag>
+ <item> Binaries must not be statically linked with the GNU C library,
+ see policy for exceptions.
+ </item>
</taglist></p>
<sect id="3.9.5.0"> Version 3.9.5.0