Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

A security hole in a library is "automatically distributed" to every program dynamically linked against it. Yes, the coin has two sides.


I am not saying that dynamic linking is perfect. However, a lot of it comes down to how manageable is security. How many programs do I have to update? How sure am I as the sysadmin that I got them all? This is easier with dynamic linking than with something ubiquitous but often statically linked like zlib.

Yeah there is a tradeoff. I am not saying there is no downside. I am just saying security-wise, I prefer a single-point-of-correction to a case where I may not know where the weakest link is.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: