On Sun, 30 Oct 2016 15:19:59 -0500
Tom Ritter wrote:
> On Oct 29, 2016 12:52 PM, "Yawning Angel"
> wrote:
> >
> > On Sat, 29 Oct 2016 11:51:03 -0200
> > Daniel Simon wrote:
> > > > Solution proposed - Static link the Tor Browser Bundle with musl
> > > > libc.[1] It is a simple and fast libc i
On Oct 29, 2016 12:52 PM, "Yawning Angel" wrote:
>
> On Sat, 29 Oct 2016 11:51:03 -0200
> Daniel Simon wrote:
> > > Solution proposed - Static link the Tor Browser Bundle with musl
> > > libc.[1] It is a simple and fast libc implementation that was
> > > especially crafted for static linking. Thi
libc is dynamically linked so one distribution-level upgrade will fix one libc
problem. As opposed to having to rebuild every single program and trying to
ship that to users in a huge update. The former is less complex.
Statically linking shifts the burden of tracking and fixing security bugs, a
Yawning Angel:
> Having to rebuild the browser when the libc needs to be updated seems
> terrible as well.
Why is it terrible?
Using static linking drastically reduces overall *complexity*
(~1/security). If you do use libc code in your stuff then it's a part of
this stuff. If there is a bug in li
