On Sun, 2023-06-18 at 10:53 -0400, [email protected] wrote: > We could argue the merits of static vs. dynamic linking, but neither of > us is an expert, so that argument would likely be sub-optimal. ;-)
That's incorrect. Everybody is an expert. It's possible to audit a single shared library. We still might have not the skills, but at least we can take a look at CVEs, e.g. by using one of Arch's audit tools. We can't do the same for all those /opt, appimages, flatpaks and snap installs.
