PYTOGO

Gary E. Miller gem at rellim.com
Tue Sep 18 22:18:31 UTC 2018


Yo Richard!

On Tue, 18 Sep 2018 17:04:31 -0500
Richard Laager via devel <devel at ntpsec.org> wrote:

> On 09/18/2018 02:06 PM, Achim Gratz via devel wrote:
> > That will not go down well with system packagers.  Building
> > "static" is one of those ideas that apparently can't be weeded
> > out.  I expect the distributions to change their toolchains in no
> > time to default to shared linking (system installed) libraries or
> > else ignore Go completely.  
> 
> I'm doing some digging, and from what I can see Debian/Ubuntu added
> support for shared linking Go libraries and then removed it a couple
> years later. I'm asking in IRC to try to get a more
> conclusive/authoritative answer.

Thaks, I'd love to hear what they say.

> As a user, the downsides of static linking are increased disk space
> usage, increased memory usage, and eliminating ASLR. These probably
> aren't huge concerns in this case.

Why would it affect ASLR?  Doesn't ASLR just assign the base memory
location for each code/data section randomly?  I would assume a static
binary still has a lot of different memory sections.

> As a packager, the biggest downside is that the package has to be
> recompiled if any of its dependencies are updated.

Or conversely, does NOT have to be recompiled because it is fully
static.  This allows phased updates instead of all or nothing flag
days.

> I'm not sure how
> the Go team is handling that in Debian. Specifically, is it their job
> to rebuild reverse dependencies when uploading a new library, or is
> it my job to notice and rebuild? That's a rhetorical question for
> this list. I'll ask the Debian Go people at some point.

My approach would be: Ain't broke, don't fix it.  Just recompile
Go packages a few times a year, or when the Go package updates.  

Sorta like how Gentoo handle updates.  Gentoo does not force a rebuild
of all packages using a library just because the library updated.  It
lets the package use older versioned libraries.  Good thing as some
libraries, not naming names, have troubled update practices.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20180918/da172ff5/attachment.bin>


More information about the devel mailing list