A backdoor in xz

My approach to reviewing commits with autogenerated code (in the context of approving a pull request) is to autogenerate the code myself and see if I get the same result. If there are differences between the submitted code and what I could autogenerate myself, then that's probably the interesting stuff to look at. If I don't know how to autogenerate it myself, I ask the author to provide the instructions in the commit message or in a source code comment. Having autogenerated code in a source code repository is not nice, but if it's necessary, then the code review process needs to adapt to it.