|
|
Subscribe / Log in / New account

A smaller, more trustable tarball

A smaller, more trustable tarball

Posted Mar 24, 2025 20:05 UTC (Mon) by mathstuf (subscriber, #69389)
In reply to: A smaller, more trustable tarball by farnz
Parent article: Julien Malka proposes method for detecting XZ-like backdoors

> but you can't build xz from source control without autoconf.

`xz` also supports being built with CMake which would break this cycle: <https://github.com/tukaani-project/xz/blob/master/CMakeLi...>. CMake can bootstrap itself where it generates a "minimal CMake" using a shell script to drive a basic compilation enough to compile the rest of CMake itself (though this doesn't work on Windows; an existing CMake is needed there).

to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds