[giovannibajo1]

Not really, I depend on my distro to push updated packages that I will update. And I also hope that my distro pushes me binary diffs so that it's going to be very fast.

The point is: in the context of a Linux distro, it's not true that you need dynamic linking to be able to do security patches effectively. What users do is to run the package manager to update the system; the package manager can provide updates to static binaries as well (and do it efficiently). It's just a matter of tooling; current package managers are designed around the concept of dynamic libraries, but they could be updated.

[jstimpfle]

Is it practical to make diffs of recompiled binaries? Don't you need to compile to position independent code? Or otherwise make sure that most of the code's position does not change when some statically linked library changes?

[jdc0589]

Slightly different comparison, but I remember some google project to do this for shipping updates a while ago. Must have been for android, but I can't remember.

[infogulch]

Chrome, actually. Called Courgette [1]. This would actually be really awesome to apply to statically-linked distro updates.

[1]: https://www.chromium.org/developers/design-documents/softwar...