The modern packager’s security nightmare (gentoo.org)
48 points by pabs3 on Feb 21, 2021 | hide | past | favorite | 6 comments



I predict Go and Rust will eventually return to shared libraries, partly due to these reasons, and partly because a single application will eventually take up a gigabyte of space. The performance impacts of this will make systems so slow that they'll have to go back to shared libraries.


These practices evolved for a reason, and we'd do well to remember them. For every security update that's made harder through static linking, the flip side is not sharing global "state" and breaking. Python has virtual envs for exactly this; DLL hell was a real problem.

Having the choice would be good though; maybe random CLI tools can be statically linked and have a slower security update cycle, which would be a bad idea for internet-facing stuff.


Many hours later the same article was submitted again and spawned more discussion:

https://news.ycombinator.com/item?id=26203853

I have always wondered why HN allows submitting duplicates. It might make sense years (or maybe months) later, but why hours?


Would you rather have the attack surface that opens up from static linking or from undefined behavior consequent to breaking changes in your dependencies?


No, I'd rather maintainers of packages consider ABI versioning and stability. I should never be in a case where a patch to a dynamic library causes an ABI break. Stable interfaces are crucial for a healthy software ecosystem.
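Added example (not from the thread, the linked article, or any real library): a hypothetical C library "libconn" ships a patch that inserts a struct field at the front of a public struct without bumping its soname. An application built against the old header still loads and runs, but reads the wrong offsets. Two designs that keep the ABI stable across such a patch follow in the same block: an opaque handle with accessor functions, and a size-prefixed struct that only grows at the end. All names (conn_v1, lib_conn_new, conn_opts_v2, and so on) are invented for the illustration.

```c
/* Added example, not code from the thread or from any real library. */
#include <inttypes.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Public header, v1: what the application was compiled against. */
struct conn_v1 {
    uint32_t timeout_ms;
    uint32_t max_retries;
};

/* Public header, v2: a field was inserted at the front "for convenience".
 * Every later offset shifts by 4 bytes, but the soname was not bumped. */
struct conn_v2 {
    uint32_t flags;
    uint32_t timeout_ms;
    uint32_t max_retries;
};

/* The patched library now allocates v2 objects. */
static void *lib_conn_new(uint32_t timeout_ms, uint32_t max_retries) {
    struct conn_v2 *c = calloc(1, sizeof *c);
    if (c == NULL) abort();
    c->flags = 0xFFFFFFFFu;   /* hypothetical "all features on" */
    c->timeout_ms = timeout_ms;
    c->max_retries = max_retries;
    return c;
}

/* Old application code, compiled against the v1 header: it still does
 * c->timeout_ms, which is now the offset of 'flags'. No compiler or linker
 * error, just a wrong value (and undefined behaviour in C terms). */
static uint32_t old_app_read_timeout(void *handle) {
    const struct conn_v1 *c = handle;
    return c->timeout_ms;
}

/* Stable design 1: opaque handle plus accessor functions exported by the
 * library. The layout is private, so fields can move without an ABI change. */
static uint32_t lib_conn_timeout_ms(const void *handle) {
    const struct conn_v2 *c = handle;
    return c->timeout_ms;
}

/* Stable design 2: a public struct that starts with its own size and only
 * ever grows at the end (the cbSize / Linux uapi convention). A v1 caller
 * passes the shorter struct; the library checks size before touching new
 * fields, so the old caller keeps working and never reads past its object. */
struct conn_opts_v1 {
    uint32_t size;
    uint32_t timeout_ms;
    uint32_t max_retries;
};
struct conn_opts_v2 {
    uint32_t size;
    uint32_t timeout_ms;
    uint32_t max_retries;
    uint32_t flags;           /* appended in v2 */
};

static uint32_t lib_opts_flags(const void *opts) {
    const struct conn_opts_v2 *o = opts;
    if (o->size < offsetof(struct conn_opts_v2, flags) + sizeof o->flags)
        return 0;             /* caller predates 'flags': use the default */
    return o->flags;
}

int main(void) {
    void *h = lib_conn_new(5000, 3);
    printf("old caller reads timeout_ms = %" PRIu32 " (expected 5000)\n",
           old_app_read_timeout(h));
    printf("accessor reads timeout_ms = %" PRIu32 "\n", lib_conn_timeout_ms(h));
    free(h);

    struct conn_opts_v1 o1 = { sizeof o1, 5000, 3 };
    struct conn_opts_v2 o2 = { sizeof o2, 5000, 3, 0x1 };
    printf("flags seen from a v1 caller = %" PRIu32 ", from a v2 caller = %" PRIu32 "\n",
           lib_opts_flags(&o1), lib_opts_flags(&o2));
    return 0;
}
```

The first printf is the failure mode the comment describes: the old binary reads 4294967295 where it expects 5000, and nothing in the toolchain flags it. The two stable designs are what "ABI versioning and stability" means in practice; a distribution that rebuilds against a new soname when the layout really must change is the other half of the answer.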


Basically the same story as discussed here

https://news.ycombinator.com/item?id=25758863

but I don't think I saw any great answers

... and not discussed here

https://news.ycombinator.com/item?id=25323103

(Personally I found the second article even more important.)



