Re: xz backdoor
On Mon, Apr 01, 2024 at 04:47:05PM +0100, Colin Watson wrote:
> On Mon, Apr 01, 2024 at 08:13:58AM -0700, Russ Allbery wrote:
> > Bastian Blank <waldi@debian.org> writes:
> > > I don't understand what you are trying to say. If we add a hard check
> > > to lintian for m4/*, set it to auto-reject, then it is fully irrelevant
> > > if the upload is a tarball or git.
> >
> > Er, well, there goes every C package for which I'm upstream, all of which
> > have M4 macros in m4/* that do not come from an external source.
>
> Ditto. And a bunch of the packages where I'm not upstream too, such as
> that famously enthusiastic adopter of all things GNU, OpenSSH.
For e2fsprogs, almost all the M4 macros come from an external source;
but I had to patch one of the macros so that it would work on *BSD
when using pmake as opposed to GNU make. And in another case, I
copied the macro from another package's git repo to fix a portability
issue with Mac OS X.
So it's highly likely that if you added a hard check in Lintian, both
of these would trigger for e2fsprogs.
Portability is hard. Let's go shopping!
- Ted
Reply to: