You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a user I would expect that NASA distributed binaries for RHEL 7 are compiled correctly for RHEL 7 and likewise binaries distributed for RHEL 8 are compiled correctly for RHEL 8. The binaries in [1] are not correctly compiled for RHEL 7 or 8 because:
They use the same so names as existing RHEL provided libraries, which causes problems when ld attempts to find the correct library to load.
They recompile APR and OpenSSL instead of using the RHEL provide packages apr and openssl-libs. This has several detrimental effects:
This causes security vulnerabilities because the NASA provided binaries are not updated in a timely manner. See CVEs in GMSEC 4.9.1 Distribution #32
Performance is worse because multiple copies of the same library need to be loaded into memory.
Larger size on disk to to needing multiple copies of the same libraries.
See the Red Hat [2] and Fedora [3] packaging guides.
As a user I would expect that NASA distributed binaries for RHEL 7 are compiled correctly for RHEL 7 and likewise binaries distributed for RHEL 8 are compiled correctly for RHEL 8. The binaries in [1] are not correctly compiled for RHEL 7 or 8 because:
ldattempts to find the correct library to load.aprandopenssl-libs. This has several detrimental effects:See the Red Hat [2] and Fedora [3] packaging guides.
[1] https://github.com/nasa/GMSEC_API/releases/download/API-4.9.1-release/SUPPORT.zip
[2] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/packaging_and_distributing_software/index
[3] https://docs.fedoraproject.org/en-US/packaging-guidelines/