Comment # 7 on bug 1183960 from 
(In reply to Michael Matz from comment #6)
> An even more aggressive solution would be to stop having the pcre2-posix
> library at all.  Sources that consciously want the pcre2 variant of the
> POSIX regex facility can include pcre2posix.h without other changes in their
> sources and link
> against libpcre2 (without -posix).  And sources who do not consciously want
> pcre2
> under the POSIX names wouldn't link against libpcre2-posix anyway.  So
> providing
> libpcre2-posix at all seems to be a mere rope waiting to be hanged by.
> 
> But if the above is deemed too aggressive, then yeah, at least moving it to
> a separate package, not pulled in by mere chance, and making sure that no
> libraries
> we provide link against it, would be a solution as well.  So, thanks for
> doing
> that :-)  (I came from the gdb side via ncurses to look at this, and my
> initial reaction was: ncurses linking against pcre2-posix?  ugh, disaster in
> waiting :) )

I did take the semi-axe solution, indeed having *any shared library* linked
against libpcre posix is a bad idea and something that needs to be wholly
banned and allowed by whitelist special case only as it will infect everything
up the chain.

You are receiving this mail because: