<br><br><div><span class="gmail_quote">On 12/2/06, <b class="gmail_sendername">Michael Homer</b> <<a href="mailto:firstname.lastname@example.org">email@example.com</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>There may also be problems if a dependent library of Foo is linked<br>against a different version of Bar than Foo is. That means library<br>compatibility couldn't be updated until every dependent (and<br>co-reliant) program was verified as well.
<br></blockquote></div><br>I think I've just seen this point of yours, and the answer is that, when a library itself depends on other libraries, its real name is not enough for compatibility purposes. You also need to know what it has been linked against in your system. This information should be stored locally and uploaded to the database as well. So, if a library's real name is
libfoo.so.3.1 , then we could say that its "recursively real name" is something like libfoo.so.3.1-linkedagainst-libbar.so.4.2- -linkedagainst-libwatever.so.5.3. Knowing the recursively real names of every library an application has been tested with should be safe.