From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-out.m-online.net (mail-out.m-online.net [212.18.0.9]) by sourceware.org (Postfix) with ESMTPS id 9214E3846405 for ; Wed, 3 Apr 2024 18:50:02 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 9214E3846405 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=linux-m68k.org Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nefkom.net ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 9214E3846405 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=212.18.0.9 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712170204; cv=none; b=I15QCYDvs/eGR2tnKC0DhEDtWw2rSxS/nAv/qmocp0L4XiBrvEOMZdcl1EO6kX5Vb4jJowN/iPcfnfFJVOzH/AYwzIMtrXJ5BeQSpKBzPYEw8Q9rmX3WOraZCzaOxj+rcm1YyoB2yNf0gCE1uGltybsy7FA98MQjbsPP29nMzCo= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712170204; c=relaxed/simple; bh=9vI7KjH493FLe8Zw2/JSrDvWIPtUhUfydNyOASBxExU=; h=From:To:Subject:Date:Message-ID:MIME-Version; b=unykFVClySWEpHTMegGgb4fa91ViABvoSLhsaveHDj1e+/ii8cEQJkNZ01Lrl64+2sVUVsRalhcn4U68ayFayrl+kodDigtueM2088WaOdbr1qVtoKah2RgzeyZA/X1hayE1yFOmdUSZEEg6YMC2uvNeepqwoGTwSRGXrNiwlvs= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from frontend01.mail.m-online.net (unknown [192.168.8.182]) by mail-out.m-online.net (Postfix) with ESMTP id 4V8v212ZDNz1qsP0; Wed, 3 Apr 2024 20:50:01 +0200 (CEST) Received: from localhost (dynscan1.mnet-online.de [192.168.6.68]) by mail.m-online.net (Postfix) with ESMTP id 4V8v211pYwz1qqlW; Wed, 3 Apr 2024 20:50:01 +0200 (CEST) X-Virus-Scanned: amavis at mnet-online.de Received: from mail.mnet-online.de ([192.168.8.182]) by localhost (dynscan1.mail.m-online.net [192.168.6.68]) (amavis, port 10024) with ESMTP id g7AC6onyS6fK; Wed, 3 Apr 2024 20:50:00 +0200 (CEST) X-Auth-Info: sKAZXVLt1Gax/6HQW7ZNsnSCUwmI1wMZSUgfnZTpq3pKSgzT+gbrkn3EgcDOdEWo Received: from igel.home (aftr-62-216-202-233.dynamic.mnet-online.de [62.216.202.233]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mail.mnet-online.de (Postfix) with ESMTPSA; Wed, 3 Apr 2024 20:50:00 +0200 (CEST) Received: by igel.home (Postfix, from userid 1000) id 5D9202C1A72; Wed, 3 Apr 2024 20:50:00 +0200 (CEST) From: Andreas Schwab To: Paul Floyd via Gcc Cc: Paul Floyd Subject: Re: Sourceware mitigating and preventing the next xz-backdoor In-Reply-To: <4194a94d-c1cb-431d-b5f2-288476d98bf4@free.fr> (Paul Floyd via Gcc's message of "Wed, 3 Apr 2024 17:38:05 +0000") References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> <4194a94d-c1cb-431d-b5f2-288476d98bf4@free.fr> X-Yow: I was in EXCRUCIATING PAIN until I started reading JACK AND JILL Magazine!! Date: Wed, 03 Apr 2024 20:50:00 +0200 Message-ID: <87v84yb7s7.fsf@igel.home> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain X-Spam-Status: No, score=-0.7 required=5.0 tests=BAYES_00,HEADER_FROM_DIFFERENT_DOMAINS,KAM_DMARC_STATUS,RCVD_IN_BARRACUDACENTRAL,RCVD_IN_DNSWL_LOW,RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Apr 03 2024, Paul Floyd via Gcc wrote: > On 03-04-24 14:32, Martin Uecker via Gcc wrote: > >> The backdoor was hidden in a complicated autoconf script... > > How many uncomplicated autoconf scripts exist in the real world? Probably the same amount as in any other build system. Building (portable) software requires a certain level of complexity. -- Andreas Schwab, schwab@linux-m68k.org GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510 2552 DF73 E780 A9DA AEC1 "And now for something completely different."