We currently do this sporadically. Not only amongst packages, but across
OS's, i.e sometimes it's done for BSDs/Android, and sometimes not.
Configure with `--with-pic` globally instead. I think this generally
makes more sense, and should not have any downsides.
See related discussion in
https://github.com/bitcoin/bitcoin/pull/28846#discussion_r1399123100.
We use pkg-config where we can, which generally replaces libtool at a
higher level and does not have the same downsides as libtool. These
archives sit in our depends tree with no purpose and pollute the final
bitcoin build with massive overlinking.
Some dependency sources were downloaded via http, even though https (SSL/TLS) options are available.
Even if we potentially check the integrity of the downloaded files via hash comparison, we should make
use of this additional security layer.
bdb.mk
fontconfig.mk
freetype.mk
libX11.mk
libXau.mk
libXext.mk
libxcb.mk
native_cctools.mk
native_cdrkit.mk
xcb_proto.mk
xextproto.mk
xproto.mk
xtrans.mk
zlib.mk
miniupnp was switched to official project mirror with SSL support
We may eventually want to break out harfbuzz and build it in depends, but
for now just ensure that runtime dependencies don't depend on whether or not
harfbuzz was present on the builder.