Paul Eggert writes: > On 4/9/24 14:58, Sam James wrote: >> Meson doesn't allow user-defined functions > > Meson has ways to execute arbitrary user-defined code, so it's not > immune to this sort of exploit. To be clear - not saying it's immune. Just that it scopes the user-defined code part to clearly defined sections. I think it makes sense to optimise for ease of review. > > It's of course better (all other things being equal) to use a build > system with a smaller attack surface. However, any surface of nonzero > size is attackable, so I'm not convinced that Meson is significantly > safer against a determined insider. Although the xz exploit was tricky > and is now famous (hey! the front page of the New York Times!) > fundamentally it was sloppy and amateurish and it succeeded only > because xz's project management was even sloppier. > > Yes, we need to defend against amateurish attacks. But we shouldn't > waste valuable developer time on defenses that won't work against > obvious future attacks and that will likely cost more than they'll > benefit. That's just security theater. Right, I'm not advocating that. It's just easy to go too far the other way too and not change anything because it won't hold up against a state actor.