Re: New supply-chain security tool: backseat-signed
On Thu, Apr 11, 2024 at 10:26:55AM -0400, Theodore Ts'o wrote:
> On Sat, Apr 06, 2024 at 04:30:44PM +0100, Simon McVittie wrote:
> > But, it is conventional for Autotools projects to ship the generated
> > ./configure script *as well* (for example this is what `make dist`
> > outputs), to allow the project to be compiled on systems that do not
> > have the complete Autotools system installed.
>
> Or, because some upstream maintainers have learned through, long,
> bitter experience that newer versions of autoconf tools may result in
> the generated configure script to be busted (sometimmes subtly), and
> so distrust relying on blind autoreconf always working.
When was the last time this actually happened to you? I certainly
remember it being a problem in the early 2.5x days, but it's been well
over a decade since this actually bit me.
--
Colin Watson (he/him) [cjwatson@debian.org]
Reply to: