that an attacker who replaces a library with a trojaned one doesn't notice that aide is installed) but, as far as this port goes, nobody has bumped it when dependencies have had security fixes, so we're better off with dynamic.
