From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130]) by sourceware.org (Postfix) with ESMTPS id 531993858401; Wed, 3 Apr 2024 16:02:34 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 531993858401 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 531993858401 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=195.135.223.130 ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712160157; cv=none; b=U7FI8NaCvLB+ipIkgdxLXytArIbStJPVELLbmj31jQUFAObPISAaV8BQSM6wzIw+OJWcqGEZJfMHatqITFJ3/LfAwBMrcy2Hdrdi6KtvMR9L1+jr077RxIh6GmIZQ6ZEJ/bucOQOs82nySldHthXWhETGhW1owFp2lBvBeTQ7HE= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1712160157; c=relaxed/simple; bh=wlRRJtewxq9lmZGNQnYD4gY0DpzHrwpZOqhCPT17t/c=; h=DKIM-Signature:DKIM-Signature:Date:From:To:Subject:Message-ID: MIME-Version; b=IjO9kFVpbpqHZClv/YdpP6H5xkQ/R76KKu/+pv5MXkOVr5otPdv4dGeuPgaBcegCH5pGJ9dCZTeInNnNLLuk7Lg0umL80F85SpWlvfIzfEP342vL9fXr5xafE9e7LkRxEX1GTFQe/H6HDqun3vPQorpRC5556NR99vjHlZJZ/1g= ARC-Authentication-Results: i=1; server2.sourceware.org Received: from knuth.suse.de (unknown [10.168.5.16]) by smtp-out1.suse.de (Postfix) with ESMTP id 300CD37247; Wed, 3 Apr 2024 16:02:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1712160152; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=DURG5GznxsTqMoaVqbCFfO7r9SPqk4Cw/hT3d26XweE=; b=FL4gYtHHhRQlRNlSA2Ob0xm2BEw6p6lr3xaFaRL7mc/wnqWoseHgE17u5PiJ/Sni8X0XRk jo7ENtv/isgqpSe5Wpu2chqhIbFODDV1/m2SQCFT+p/LtxILi+xHGeUc/l2AnAj7SquUy0 /btJKnS7mHcn5Il0ndb0cvamqrmWWv0= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1712160152; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=DURG5GznxsTqMoaVqbCFfO7r9SPqk4Cw/hT3d26XweE=; b=9nrsFGXY3xpL3WP0WtnhOcdRSTQOg5RMVtf0+c3TI0+E3Y4gzWRyl4irpU5r5N+/hGEaIL zLmJBauZ4NvHSCAw== Authentication-Results: smtp-out1.suse.de; none Received: by knuth.suse.de (Postfix, from userid 10510) id 27ACB34574B; Wed, 3 Apr 2024 18:02:32 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by knuth.suse.de (Postfix) with ESMTP id 1703A34574A; Wed, 3 Apr 2024 18:02:32 +0200 (CEST) Date: Wed, 3 Apr 2024 18:02:31 +0200 (CEST) From: Michael Matz To: Martin Uecker cc: Ian Lance Taylor , Paul Koning , Paul Eggert , Sandra Loosemore , Mark Wielaard , overseers@sourceware.org, gcc@gcc.gnu.org, binutils@sourceware.org, gdb@sourceware.org, libc-alpha@sourceware.org Subject: Re: Sourceware mitigating and preventing the next xz-backdoor In-Reply-To: Message-ID: <1261f798-175b-961d-b937-f3a9f4246659@suse.de> References: <20240329203909.GS9427@gnu.wildebeest.org> <20240401150617.GF19478@gnu.wildebeest.org> <12215cd2-16db-4ee4-bd98-6a4bcf318592@cs.ucla.edu> <6239192ba9ff8aad0752309a54b633dc75a57c77.camel@tugraz.at> <8e877d2f-01e0-c786-dea5-265edbdc0c07@suse.de> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="8323328-969211685-1712160152=:12903" X-Spamd-Result: default: False [-2.20 / 50.00]; BAYES_HAM(-3.00)[100.00%]; CTYPE_MIXED_BOGUS(1.00)[]; NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[multipart/mixed,text/plain]; RCVD_NO_TLS_LAST(0.10)[]; RCPT_COUNT_SEVEN(0.00)[11]; TO_DN_SOME(0.00)[]; MIME_TRACE(0.00)[0:+,1:+]; ARC_NA(0.00)[]; MISSING_XM_UA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FREEMAIL_ENVRCPT(0.00)[comcast.net]; FUZZY_BLOCKED(0.00)[rspamd.com]; FROM_HAS_DN(0.00)[]; FREEMAIL_CC(0.00)[golang.org,comcast.net,cs.ucla.edu,baylibre.com,klomp.org,sourceware.org,gcc.gnu.org]; DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519]; FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2]; DBL_BLOCKED_OPENRESOLVER(0.00)[knuth.suse.de:helo] X-Spam-Score: -2.20 X-Spam-Level: X-Spam-Status: No, score=-3.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: This message is in MIME format. The first part should be readable text, while the remaining parts are likely unreadable without MIME-aware tools. --8323328-969211685-1712160152=:12903 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8BIT Hello, On Wed, 3 Apr 2024, Martin Uecker wrote: > The backdoor was hidden in a complicated autoconf script... Which itself had multiple layers and could just as well have been a complicated cmake function. > > (And, FWIW, testing for features isn't "complex". And have you looked at > > other build systems? I have, and none of them are less complex, just > > opaque in different ways from make+autotools). > > I ask a very specific question: To what extend is testingĀ  > for features instead of semantic versions and/or supported > standards still necessary? I can't answer this with absolute certainty, but points to consider: the semantic versions need to be maintained just as well, in some magic way. Because ultimately software depend on features of dependencies not on arbitrary numbers given to them. The numbers encode these features, in the best case, when there are no errors. So, no, version numbers are not a replacement for feature tests, they are a proxy. One that is manually maintained, and hence prone to errors. Now, supported standards: which one? ;-) Or more in earnest: while on this mailing list here we could chose a certain set, POSIX, some languages, Windows, MacOS (versions so-and-so). What about other software relying on other 3rdparty feature providers (libraries or system services)? Without standards? So, without absolute certainty, but with a little bit of it: yes, feature tests are required in general. That doesn't mean that we could not do away with quite some of them for (e.g.) GCC, those that hold true on any platform we support. But we can't get rid of the infrastructure for that, and can't get rid of certain classes of tests. > This seems like a problematic approach that may have been necessary > decades ago, but it seems it may be time to move on. I don't see that. Many aspects of systems remain non-standardized. Ciao, Michael. --8323328-969211685-1712160152=:12903--