From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out1.suse.de (smtp-out1.suse.de [IPv6:2a07:de40:b251:101:10:150:64:1]) by sourceware.org (Postfix) with ESMTPS id 90A933858431; Thu, 4 Apr 2024 14:00:41 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 90A933858431 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 90A933858431 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2a07:de40:b251:101:10:150:64:1 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712239242; cv=none; b=vFy+C3exNAOsixbYlTYmCWrVrIevq6rGxHwRrkMWv3x2EWsJkk9Hm8bB58tBBIN+4eHsRCr2+ZpZw+RmODoVrs5uX8ERsrXvpObL0SO1sVJDAXGyZvEgqasEJUltelZhizilNqYvGvtst1lTma5blrAkObNPJk9cBSQNj2yBGs4= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712239242; c=relaxed/simple; bh=gE74veOOlenFx0+ORL63pxrNMmQ0ezUlPk1NqJTaLaA=; h=DKIM-Signature:DKIM-Signature:DKIM-Signature:DKIM-Signature:Date: From:To:Subject:Message-ID:MIME-Version; b=QlENF9Fd8U3I1hgodizhvHw0zc0jVES/N8ANjbHTItMaQKNy/Kh0fZzafthGTtt0QtI6ZUkJsLTXv7FI0aRoJFdWnZXGc4szyFqF8xN1xYr7ylAueH+jA65A7Wc+yxF6lS/x5XjGxHmcoc3H8aD6GizQIQwI4YVlkMi0QEnQQSQ= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from knuth.suse.de (unknown [10.168.5.16]) by smtp-out1.suse.de (Postfix) with ESMTP id 18D3C37C44; Thu, 4 Apr 2024 14:00:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712239240; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=W9kb2BtLvd60stQCRaOxJ42Udj5nzfrI8RAiP2j+yLY=; b=eACbjgrIupsyxrrjbaCCKwMU4AdvbbPmz/RfaSKyRjYMJb5p548HSGX4ryekUKjWu/xEQJ qYJRrJYzN1DdXH7y3cXgUf0ZMRvSd6yCrSK0m5e5IBPALpgv2W4CppAnCnEUyureEu/jXF DziYxkUgVkNgIaxQ4h3oZE7lgcZEXQo= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712239240; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=W9kb2BtLvd60stQCRaOxJ42Udj5nzfrI8RAiP2j+yLY=; b=/58lCjOBcF6u2esAqwwaA55eoPGVIjQzYVOe+h0pKNSLiOZkfZ5AMW65vG9BTg87g4FkBW Tp9DHAk/ij+yzWBA== Authentication-Results: smtp-out1.suse.de; none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712239240; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=W9kb2BtLvd60stQCRaOxJ42Udj5nzfrI8RAiP2j+yLY=; b=eACbjgrIupsyxrrjbaCCKwMU4AdvbbPmz/RfaSKyRjYMJb5p548HSGX4ryekUKjWu/xEQJ qYJRrJYzN1DdXH7y3cXgUf0ZMRvSd6yCrSK0m5e5IBPALpgv2W4CppAnCnEUyureEu/jXF DziYxkUgVkNgIaxQ4h3oZE7lgcZEXQo= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712239240; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=W9kb2BtLvd60stQCRaOxJ42Udj5nzfrI8RAiP2j+yLY=; b=/58lCjOBcF6u2esAqwwaA55eoPGVIjQzYVOe+h0pKNSLiOZkfZ5AMW65vG9BTg87g4FkBW Tp9DHAk/ij+yzWBA== Received: by knuth.suse.de (Postfix, from userid 10510) id F0054345F0F; Thu, 4 Apr 2024 15:59:39 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by knuth.suse.de (Postfix) with ESMTP id DEFD4345F0E; Thu, 4 Apr 2024 15:59:39 +0200 (CEST) Date: Thu, 4 Apr 2024 15:59:39 +0200 (CEST) From: Michael Matz To: Jonathon Anderson cc: Martin Uecker , Ian Lance Taylor , Paul Koning , Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Subject: Re: Sourceware mitigating and preventing the next xz-backdoor In-Reply-To: Message-ID: <41394737-6f2d-86e7-5742-e0a794f9f63c@suse.de> References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Level: X-Spamd-Result: default: False [-2.70 / 50.00]; BAYES_HAM(-3.00)[100.00%]; SUSPICIOUS_RECIPS(1.50)[]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain]; RCVD_NO_TLS_LAST(0.10)[]; ARC_NA(0.00)[]; FREEMAIL_TO(0.00)[gmail.com]; MIME_TRACE(0.00)[0:+]; TAGGED_RCPT(0.00)[]; RCPT_COUNT_TWELVE(0.00)[12]; MISSING_XM_UA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; FROM_HAS_DN(0.00)[]; FREEMAIL_CC(0.00)[tugraz.at,golang.org,comcast.net,cs.ucla.edu,baylibre.com,klomp.org,sourceware.org,gcc.gnu.org]; TO_DN_SOME(0.00)[]; DBL_BLOCKED_OPENRESOLVER(0.00)[knuth.suse.de:helo]; RCVD_COUNT_TWO(0.00)[2]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FUZZY_BLOCKED(0.00)[rspamd.com]; FREEMAIL_ENVRCPT(0.00)[comcast.net,gmail.com] X-Spam-Score: -2.70 X-Spam-Status: No, score=-2.4 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Hello, On Wed, 3 Apr 2024, Jonathon Anderson wrote: > Of course, this doesn't make the build system any less complex, but > projects using newer build systems seem easier to secure and audit than > those using overly flexible build systems like Autotools and maybe even > CMake. IMHO using a late-model build system is a relatively low > technical hurdle to overcome for the benefits noted above, switching > should be considered and in a positive light. Note that we're talking not (only) about the build system itself, i.e. how to declare dependencies within the sources, and how to declare how to build them. make it just fine for that (as are many others). (In a way I think we meanwhile wouldn't really need automake and autogen, but rewriting all that in pure GNUmake is a major undertaking). But Martin also specifically asked about alternatives for feature tests, i.e. autoconfs purpose. I simply don't see how any alternative to it could be majorly "easier" or "less complex" at its core. Going with the examples given upthread there is usually only one major solution: to check if a given system supports FOOBAR you need to bite the bullet and compile (and potentially run!) a small program using FOOBAR. A configuration system that can do that (and I don't see any real alternative to that), no matter in which language it's written and how traditional or modern it is, also gives you enough rope to hang yourself, if you so choose. If you get away without many configuration tests in your project then this is because what (e.g.) the compiler gives you, in the form of libstdc++ for example, abstracts away many of the peculiarities of a system. But in order to be able to do that something (namely the config system of libstdc++) needs to determine what is or isn't supported by the system in order to correctly implement these abstractions. I.e. things you depend on did the major lifting of hiding system divergence. (Well, that, or you are very limited in the number of systems you support, which can be the right thing as well!) Ciao, Michael.