From: Bill Allombert
Date: Fri, 30 May 2014 09:50:35 +0000 (+0200)
Subject: Policy: Discourage statically linked binaries
X-Git-Url: https://git.donarmstrong.com/?p=debian%2Fdebian-policy.git;a=commitdiff_plain;h=312f351bf076b8092b62a2c997ec148786fb46f6
Policy: Discourage statically linked binaries
Wording: Russ Allbery
Seconded: Bill Allombert
Seconded: Jonathan Nieder
Closes: #555980
---
diff --git a/debian/changelog b/debian/changelog
index c1b4ef5..579b8c7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -28,10 +28,15 @@ debian-policy (3.9.6.0) unstable; urgency=low
Seconded: Damyan Ivanov
Closes: #748479
* Policy: Grant an FHS exception for the multiarch headers directories
- Wording Bill Allombert
+ Wording: Bill Allombert
Seconded: Jonathan Nieder
Seconded: Russ Allbery
Closes: #742756
+ * Policy: Discourage statically linked binaries
+ Wording: Russ Allbery
+ Seconded: Bill Allombert
+ Seconded: Jonathan Nieder
+ Closes: #555980
* Packaging: refreshed the names of the Policy Editors.
[ Jonathan Nieder ]
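Review bot: The change from "Wording Bill Allombert" to "Wording: Bill Allombert" on the multiarch headers entry is an unrelated typo fix that the commit message does not mention; consider splitting it into its own commit or noting it in the message, so the history for #555980 stays limited to the static linking entry. The new entry itself follows the Wording/Seconded/Closes layout of its neighbours.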
diff --git a/policy.sgml b/policy.sgml
index fa0a390..c5fd305 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -8466,7 +8466,17 @@ fi
renamed. If a consensus cannot be reached, both
programs must be renamed.
-
+
+ Binary executables must not be statically linked with the GNU C
+ library, since this prevents the binary from benefiting from
+ fixes and improvements to the C library without being rebuilt
+ and complicates security updates. This requirement may be
+ relaxed for binary executables whose intended purpose is to
+ diagnose and fix the system in situations where the GNU C
+ library may not be usable (such as system recovery shells or
+ utilities like ldconfig) or for binary executables where the
+ security benefits of static linking outweigh the drawbacks.
+
By default, when a package is being built, any binaries
created should include debugging information, as well as
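Review bot: The added paragraph says binary executables "must not" be statically linked with the GNU C library, while the commit subject and changelog entry say "Discourage"; the subject and the normative text should agree on how strong the rule is. The last exception, "where the security benefits of static linking outweigh the drawbacks", gives no criterion and names nobody to judge it, so it can be read as covering almost any package. Suggest either giving an example, as the first exception does with recovery shells and ldconfig, or asking the maintainer to document the rationale in the package.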
diff --git a/upgrading-checklist.sgml b/upgrading-checklist.sgml
index 592dad8..9c7db6c 100644
--- a/upgrading-checklist.sgml
+++ b/upgrading-checklist.sgml
@@ -50,11 +50,15 @@ Released xxx, 2014.
- The FHS requirement for /usr/local/lib64 to exist
if /lib64 or /usr/lib64 exists is removed.
-9.1.1
+9.1
- An FHS exception has been granted for multiarch include files,
permitting header files to instead be installed to
/usr/include/triplet.
+10.1
+ - Binaries must not be statically linked with the GNU C library,
+ see policy for exceptions.
+
Version 3.9.5.0
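Review bot: The new 10.1 entry says "Binaries" where the policy text says "Binary executables", and "see policy for exceptions" gives a maintainer working through the checklist no hint of the two exception classes (tools for diagnosing and fixing a system where the C library may not be usable, and cases where the security benefits of static linking outweigh the drawbacks). Suggest matching the policy wording and naming both briefly. The 9.1.1 to 9.1 renumbering in the same hunk is a separate correction that the commit message does not mention.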