"Building your own FreeType library is can be harmful"
Peter Åstrand
astrand at cendio.se
Tue Feb 22 08:05:19 PST 2005
On Wed, 23 Feb 2005, Daniel Stone wrote:
>> Can anyone explain to me why this is bad and "harmful"? I'm building a
>> Xserver (Xvnc) binary that should work on multiple distributions, so I
>> cannot rely on the distribution providing a certain Freetype version.
>
> If this is true, then you will need to link a static version of
> libfreetype in any case, which is not done by the default distribution
> as I understand it.
Yes, I'm using "XserverStaticFontLib YES".
> In any case, the argument is that for consistency on any given system,
> you should stick to the vendor-provided FreeType, as everything else on
> your system will be built against the same version.
This is just like saying "Running applications and Xservers on different
hosts, with different operating systems, is HARMFUL, since the freetype
versions might not be the same." I mean, the interface to the Xserver is
the X11 protocol. Requiring that applications and the Xserver must be
linked to the exakt same library seems strange to me.
> Also, in the event that there is a security fix upstream, it's one more
> place you need to patch and update.
Of course, but we can deal with that.
If the intention of the warning message is just about this, "think about
the security", then perhaps the warning could be re-phrased?
--
Peter Åstrand Chief Developer
Cendio www.thinlinc.com
Teknikringen 3 www.cendio.se
583 30 Linköping Phone: +46-13-21 46 00
More information about the xorg
mailing list