[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Reasons for Statically linking to Bekely DB?



man, 05.04.2004 kl. 19.23 skrev Medievalist:

> I can't speak for other people, but the reason I like to have a separate, 
> statically linked Berkeley DB behind my LDAP servers is so that I don't have to 
> micro-manage sysadmins.
[...]

> A service which controls system availability should only run with known good 
> tested libraries, and these should not be upgraded unless a security problem is 
> known to exist or an additional function is required.

Agreed. Compile all apps exclusively with static libs (unless there's
some good reason not to - e.g. Apache). Attempt to keep new headers,
libs and dependencies completely separated from old headers, libs and
dependencies (e.g. old prefixes /usr, new prefix /usr/local). Don't
update/upgrade *anything* on a production machine unless there's some
very good reason for doing so (security vulnerability, proven
inadequacy).

Judge those other than your vendor's rpms, debs etc. on the supplier's
proved merit.

Thanks Charlie :)

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl