[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor
From: |
Jeffrey Walton |
Subject: |
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor |
Date: |
Tue, 2 Apr 2024 18:11:30 -0400 |
On Tue, Apr 2, 2024 at 6:05 PM Karl Berry <karl@freefriends.org> wrote:
>
> I'm also wondering whether the GNU system should recommend using zstd
> instead of or in addition to xz for compression purposes.
>
> I'm not sure GNU explicitly recommends anything. Although the tarball
> examples in standards.texi and maintain.texi all use gz, I don't think
> even gz is explicitly recommended. (Which seems ok to me.)
As an extra datapoint, Debian does xz in some areas. From
<https://wiki.debian.org/DebianRepository/Format#Compression_of_indices>:
Clients must support xz compression, and
must support gzip and bzip2 ...
Servers should offer only xz compressed files,
except for the special cases listed above.
> Personally, I would support lz4 over zstd simply because more GNU
> packages already use lz4.(*) Both lz4 and zstd are quite a bit less
> resource-hungry than xz, especially for compression. I don't know if
> there is a technical reason to prefer zstd.
>
> In general, I think it can continue to be left up to individual
> maintainers, vs. making any decrees. Automake supports them all
> (among others). --best, karl.
>
> (*) Looking at a listing of ftp.gnu.org, I see only gmp using zst, and
> perhaps a dozen or so packages using lz. Basically always in addition to
> another format.
Jeff
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), (continued)
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Richard Stallman, 2024/04/08
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/08
- Re: GCC reporting piped input as a security feature, Jan Engelhardt, 2024/04/09
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/09
- Re: GCC reporting piped input as a security feature, Zack Weinberg, 2024/04/11
- Re: GCC reporting piped input as a security feature, Jacob Bachmeyer, 2024/04/12
- Re: GCC reporting piped input as a security feature (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Richard Stallman, 2024/04/08
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Eric Blake, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Bob Friesenhahn, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Karl Berry, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor,
Jeffrey Walton <=
- Re: compressed release distribution formats (was: GNU Coding Standards, automake, and the recent xz-utils backdoor), Jacob Bachmeyer, 2024/04/02
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/03
- Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/03
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02
Re: GNU Coding Standards, automake, and the recent xz-utils backdoor, Richard Stallman, 2024/04/02