From: Bill Allombert Date: Fri, 30 May 2014 09:50:35 +0000 (+0200) Subject: Policy: Discourage statically linked binaries X-Git-Url: https://git.donarmstrong.com/?p=debian%2Fdebian-policy.git;a=commitdiff_plain;h=312f351bf076b8092b62a2c997ec148786fb46f6 Policy: Discourage statically linked binaries Wording: Russ Allbery Seconded: Bill Allombert Seconded: Jonathan Nieder Closes: #555980 --- diff --git a/debian/changelog b/debian/changelog index c1b4ef5..579b8c7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -28,10 +28,15 @@ debian-policy (3.9.6.0) unstable; urgency=low Seconded: Damyan Ivanov Closes: #748479 * Policy: Grant an FHS exception for the multiarch headers directories - Wording Bill Allombert + Wording: Bill Allombert Seconded: Jonathan Nieder Seconded: Russ Allbery Closes: #742756 + * Policy: Discourage statically linked binaries + Wording: Russ Allbery + Seconded: Bill Allombert + Seconded: Jonathan Nieder + Closes: #555980 * Packaging: refreshed the names of the Policy Editors. [ Jonathan Nieder ] diff --git a/policy.sgml b/policy.sgml index fa0a390..c5fd305 100644 --- a/policy.sgml +++ b/policy.sgml @@ -8466,7 +8466,17 @@ fi renamed. If a consensus cannot be reached, both programs must be renamed.

- +

+ Binary executables must not be statically linked with the GNU C + library, since this prevents the binary from benefiting from + fixes and improvements to the C library without being rebuilt + and complicates security updates. This requirement may be + relaxed for binary executables whose intended purpose is to + diagnose and fix the system in situations where the GNU C + library may not be usable (such as system recovery shells or + utilities like ldconfig) or for binary executables where the + security benefits of static linking outweigh the drawbacks. +

By default, when a package is being built, any binaries created should include debugging information, as well as diff --git a/upgrading-checklist.sgml b/upgrading-checklist.sgml index 592dad8..9c7db6c 100644 --- a/upgrading-checklist.sgml +++ b/upgrading-checklist.sgml @@ -50,11 +50,15 @@ Released xxx, 2014. The FHS requirement for /usr/local/lib64 to exist if /lib64 or /usr/lib64 exists is removed. -9.1.1 +9.1 An FHS exception has been granted for multiarch include files, permitting header files to instead be installed to /usr/include/triplet. +10.1 + Binaries must not be statically linked with the GNU C library, + see policy for exceptions. +

Version 3.9.5.0
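
Review bot: In the debian/changelog hunk, the change from "Wording Bill Allombert" to "Wording: Bill Allombert" under the multiarch headers entry is unrelated to the static-linking change and is not mentioned in the commit message. Suggest splitting it into its own commit, or noting it in the message, so the history for #555980 contains only the policy change.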
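
Review bot: In the policy.sgml hunk, the last exception ("or for binary executables where the security benefits of static linking outweigh the drawbacks") has no criterion and no requirement to record the decision, so any package can claim it and nothing is left to audit. Since the stated rationale is that static linking "complicates security updates", suggest requiring a package that relies on either exception to document its reason in the package, so that statically linked binaries can be found and rebuilt when the C library receives a fix. The commit subject also says "Discourage" while the added text says "must not"; the two should agree.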
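
Review bot: In the upgrading-checklist.sgml hunk, the new 10.1 entry says "Binaries" where the policy text says "Binary executables", and "see policy for exceptions" does not tell the reader what the exceptions are. Suggest matching the policy wording and naming both exceptions briefly (recovery and diagnostic tools, and cases where static linking has a security benefit). The same hunk changes 9.1.1 to 9.1 on the multiarch include files entry without any mention in the commit message; that renumbering should be recorded or committed separately.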