Victor Duchovni:
> On Mon, Jul 25, 2011 at 03:52:31PM -0400, Wietse Venema wrote:
>
> > Another idea is to add a -F (fingerprint) command-line option to
> > every executable that dumps mail_version and build_info information.
> > Some people may not be comfortable with egrep and such.
>
> If we're to go to all the trouble, likely the "-F" approach seems to
> make more sense.
>
> On the other hand, with Debian builds where libglobal, ... are separate
> shared libraries, do we fingerprint libglobal, or the calling executable?
> (Do we call a function in the library or clone it into each executable).

Taking the example from SASL and Berkeley DB, the library should
have a version() function whose output can be checked against
compile-time #defines; if the compile-time version does not match
the run-time linked version, the warranty is void.

This means that people can no longer safely do "make upgrade" on a
running Postfix system, even if it is just a patchlevel change,
because postfix-internal function interfaces sometimes change. This
makes internal interface changes much more visible.

> Embedding static variables into each executable unasks the question,
> and we can also include similar statics in each library.
>
> All this said, I doubt it is worth the effort. The existing "fingerprints"
> are probably enough.

The odds of the same version installed with different build options
are quite small.

	Wietse
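
The compile-time versus run-time check described in the message above, as an added example; it is not part of the original thread and not Postfix code. The names `libglobal_version()`, `LIBGLOBAL_VERSION`, `LIBGLOBAL_BUILD_INFO` and `fingerprint_check()` are hypothetical, the version and build strings are constructed, and the library side is folded into the same file so the sketch runs stand-alone.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical header of a shared libglobal; values are constructed samples.
 * These macros are baked into every *caller* at compile time. */
#define LIBGLOBAL_VERSION    "1.2.3"
#define LIBGLOBAL_BUILD_INFO "sasl=1;tls=1"

struct lib_fingerprint { const char *version; const char *build_info; };

/* Inside the library: reports what the library itself was built as. */
static const struct lib_fingerprint built_as = { LIBGLOBAL_VERSION, LIBGLOBAL_BUILD_INFO };
const struct lib_fingerprint *libglobal_version(void) { return &built_as; }

enum fp_result { FP_OK, FP_VERSION_MISMATCH, FP_BUILD_MISMATCH, FP_MISSING };

/* Exact comparison: even a patchlevel difference counts as a mismatch,
 * because internal interfaces may change between patchlevels. */
enum fp_result fingerprint_check(const char *hdr_version, const char *hdr_build,
                                 const struct lib_fingerprint *rt)
{
    if (!hdr_version || !hdr_build || !rt || !rt->version || !rt->build_info)
        return FP_MISSING;
    if (strcmp(hdr_version, rt->version) != 0)
        return FP_VERSION_MISMATCH;
    if (strcmp(hdr_build, rt->build_info) != 0)
        return FP_BUILD_MISMATCH;
    return FP_OK;
}

/* Macro, not a function: the constants must expand in the caller's
 * translation unit, not in the library's. */
#define LIBGLOBAL_CHECK() \
    fingerprint_check(LIBGLOBAL_VERSION, LIBGLOBAL_BUILD_INFO, libglobal_version())

int main(void)
{
    /* Constructed case: executable built against 1.2.3 headers, but the
     * loader resolved an older library left over from a partial upgrade. */
    const struct lib_fingerprint stale = { "1.2.2", "sasl=1;tls=1" };

    if (LIBGLOBAL_CHECK() != FP_OK)
        return 1;
    if (fingerprint_check(LIBGLOBAL_VERSION, LIBGLOBAL_BUILD_INFO, &stale) != FP_OK)
        fprintf(stderr, "fatal: libglobal %s loaded, built against %s\n",
                stale.version, LIBGLOBAL_VERSION);
    return 0;
}
```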