linux
Mingun, 2014-10-09 07:16:52

Why does updating one dynamic library update many packages?

I don't understand. Every time an update comes to Ubuntu, a bunch of packages are updated with the same description, such as fixing a buffer overflow under certain conditions. You look at the description of the package that contains the fixed library, and you see that it seems to contain a dynamic library. But if the library is dynamic, then it is enough to update only it! This is the whole point of dynamic libraries: you can fix errors by recompiling only one library and distributing the new version to everyone. Why, then, does fixing the library require recompiling almost all programs that depend on it? What are these dynamic libraries for, then?
Addition
Here in the comments the idea of dependencies has already come up several times. I understand that some programs depend on others, and rightly so. But you can install software not only from packages, right? In addition, no one can update the packages. For example, not so long ago there were updates in the TLS support library. Does this mean that those programs whose packages have not been updated are still vulnerable? No, otherwise it would be absurd. And if you can't see the difference, then why does an update to the insides of one library that does not affect its API and ABI generate a cascading update of other programs and libraries? After all, nothing has changed in the code of these programs; after a build they probably even have the same hash.
Dependencies are good, but everything in this world depends on something. When a libc++ update comes, for example, I don't see updates of tens of thousands of installed packages, and yet almost every program (well, even 10%, although of course, obviously more) depends on this library. However, I have never seen more than a dozen packages updated due to a libc++ update.
Then why do others do it? Can someone explain this?

4 answer(s)
Renat Ibragimov, 2014-10-09
@MpaK999

The simple explanation is dependencies.

Gregory, 2014-10-09
@difiso

Perhaps fixing the error required the use of functionality that is available only in the new version of the library, which in turn led to the need to update it.

Sergey, 2014-10-09
@bk0011m

On Ubuntu, you install software from packages, which someone kindly built. But the fact is that the packages are built on a computer where certain libraries and other software are installed. Accordingly, when built, the package is created specifically for that software and those libraries. And if your versions do not match, then the system tries to update them. This, in fact, is the dependency on certain versions.
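
The version dependency described in this answer can be checked mechanically. The following Python is an added example, not part of the original thread and not apt or dpkg code: it orders versions by Debian's comparison rules and reports which clauses of a package's Depends field the installed versions fail. The package names and versions are constructed, and alternatives written with `|` are not handled.

```python
import re

def _order(c):
    # dpkg order for non-digits: '~' first, then end of string, letters, the rest.
    return -1 if c == "~" else ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs of an upstream or revision string.
    while a or b:
        na, nb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(na):], b[len(nb):]
        oa = [_order(c) for c in na] + [0] * len(nb)  # 0 stands for "end of run"
        ob = [_order(c) for c in nb] + [0] * len(na)
        if oa != ob:
            return -1 if oa < ob else 1
        da, db = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(da):], b[len(db):]
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def compare(v1, v2):
    # Version layout: [epoch:]upstream[-revision]; returns -1, 0 or 1.
    def split(v):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, _, rev = rest.rpartition("-") if "-" in rest else (rest, "", "")
        return int(epoch), upstream, rev
    (e1, u1, r1), (e2, u2, r2) = split(v1), split(v2)
    if e1 != e2:
        return -1 if e1 < e2 else 1
    return _cmp_part(u1, u2) or _cmp_part(r1, r2)

OPS = {"<<": lambda c: c < 0, "<=": lambda c: c <= 0, "=": lambda c: c == 0,
       ">=": lambda c: c >= 0, ">>": lambda c: c > 0}
def unmet(depends, installed):
    # Return the Depends clauses that the installed versions do not satisfy.
    missing = []
    for clause in (c.strip() for c in depends.split(",")):
        m = re.fullmatch(r"([^\s(]+)(?:\s*\((<<|<=|=|>=|>>)\s*([^)\s]+)\s*\))?", clause)
        name, op, want = m.groups()
        have = installed.get(name)
        if have is None or (op and not OPS[op](compare(have, want))):
            missing.append(clause)
    return missing

# Constructed sample data: hypothetical package names and versions.
DEPENDS = "libfoo1 (>= 1.2-3ubuntu2), libbar0"
OLD = {"libfoo1": "1.2-3ubuntu1", "libbar0": "0.5-1"}
PATCHED = {"libfoo1": "1.2-3ubuntu2.1", "libbar0": "0.5-1"}
```

unmet(DEPENDS, OLD) returns the libfoo1 clause, while unmet(DEPENDS, PATCHED) returns an empty list: a later fixed build of the library still satisfies the same constraint.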

Puma Thailand, 2014-10-09
@opium

You are probably updating with something like apt-get upgrade,
and you need something like apt-get install
