Re: lib dependency confusion
On Jan 12, 2018, at 5:22 PM, Bill Colewrote: > All very well and good for a machine running an OS version that got the > ShellShock update from Apple. people probably shouldn't be running an OS version that hasn't been patched for a 4 year old vulnerability. > One of the use cases for MacPorts is to keep older Macs that are physically > capable of doing significant work (e.g. as servers) updated in regards to the > open source parts of MacOS. I don't believe MacPorts should be in the business of helping people keep vulnerable (unsupported by upstream security patches) systems connected to the shared public resource that is the internet. I agree that the hardware is still useful and would suggest that there are alternative operating systems that are maintained and receive security patches that they could run instead. -- Daniel J. Luke
Re: lib dependency confusion
On Jan 12, 2018, at 3:27 PM, Dave Horsfallwrote: > Whether Apple wants to admit that its machines can crash and thereby cream > the filesystem is another question... presumably that's what macOS Recovery is for: https://support.apple.com/en-us/HT201314 -- Daniel J. Luke
Re: lib dependency confusion
On Jan 11, 2018, at 11:31, Vincent Habchi wrote: > Alternatively to what Ryan just mentioned, you can statically link the > executable, which means that you embed all the code the executable and its > dependencies need into the main code. This result in a bigger executable > (more code) but less bloated than a full install with has a full-blown copy > of all librairies. > > In order to do that, you can link against static archives (.a files) rather > than dylibs. We don't want ports to link to static libraries if linking to dynamic libraries is a viable alternative.
Re: lib dependency confusion
On Jan 11 06:23:11, ryandes...@macports.org wrote: > >>> $ port installed depends:libressl > >>> None of the specified ports are installed. > >> > >> This result means: of the ports that specify a dependency containing the > >> substring "libressl", you don't have any installed. > > > > OK, what is the right way to ask port(1) > > > > "which of my currently installed ports > > do depend on the installed libressl"? > > I'm not aware of a way to get the answer to that question, Well, this seems like a very obvious question for a package management system, right?