Sourceware mitigating and preventing the next xz-backdoor

Jeffrey Walton noloader@gmail.com
Wed Apr 3 14:46:21 GMT 2024


On Wed, Apr 3, 2024 at 10:33 AM Martin Uecker via Gdb
<gdb@sourceware.org> wrote:
>
> On Wednesday, 03.04.2024 at 16:00 +0200, Michael Matz wrote:
> > [...]
> > (And, FWIW, testing for features isn't "complex".  And have you looked at
> > other build systems?  I have, and none of them are less complex, just
> > opaque in different ways from make+autotools).
>
> I ask a very specific question: To what extent is testing
> for features instead of semantic versions and/or supported
> standards still necessary?  This seems like a problematic approach
> that may have been necessary decades ago, but it seems it may be
> time to move on.

I think it is still needed. As a first example, Musl does not define
preprocessor macros to identify itself. The project feels features
should be probed at build time with a tool like Autoconf. As a second
example, activating code paths, like AVX2 and AVX512, requires
ensuring the compiler actually supports the ISA. Building a program on
an older distribution with an older compiler could run afoul.

Jeff
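
The build-time probe described in the message above, as an added example that is not part of the original post: a POSIX shell version of the compile test a configure script runs before enabling AVX2 or AVX512 code paths. The names `probe_compile`, `isa_defines` and the `HAVE_*` macros are assumptions of this example.

```shell
#!/bin/sh
# Added example: Autoconf-style compile probes for ISA support.
# probe_compile, isa_defines and the HAVE_* macros are names assumed here.
# This checks what the compiler can build, not what the CPU can run;
# runtime dispatch still needs a separate CPU feature check.

# probe_compile CC FLAGS SOURCE
# Returns 0 only if CC accepts FLAGS and compiles SOURCE to an object file.
probe_compile() {
    cc=$1 flags=$2 src=$3
    dir=$(mktemp -d) || return 2
    printf '%s\n' "$src" > "$dir/conftest.c"
    # $flags is left unquoted on purpose so several flags split into words.
    "$cc" $flags -c "$dir/conftest.c" -o "$dir/conftest.o" >/dev/null 2>&1
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Test programs use one intrinsic per ISA, so an old compiler that lacks
# the header, the type or the flag fails the probe.
AVX2_SRC='#include <immintrin.h>
int main(void) { __m256i a = _mm256_setzero_si256();
  a = _mm256_add_epi32(a, a); (void)a; return 0; }'

AVX512F_SRC='#include <immintrin.h>
int main(void) { __m512i a = _mm512_setzero_si512();
  a = _mm512_add_epi32(a, a); (void)a; return 0; }'

# isa_defines CC
# Prints the flags and macros for every ISA the given compiler can build.
isa_defines() {
    out=
    if probe_compile "$1" "-mavx2" "$AVX2_SRC"; then
        out="$out -mavx2 -DHAVE_AVX2=1"
    fi
    if probe_compile "$1" "-mavx512f" "$AVX512F_SRC"; then
        out="$out -mavx512f -DHAVE_AVX512F=1"
    fi
    printf '%s\n' "${out# }"
}

# Usage: ISA_CFLAGS=$(isa_defines "${CC:-cc}")
```

Apply the printed flags only to the source files that contain the matching intrinsics, so the rest of the program still runs on CPUs without those extensions.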

