Re: [PATCH] Distribute bootstrap and bootstrap.conf
From: Colin Watson
Subject: Re: [PATCH] Distribute bootstrap and bootstrap.conf
Date: Sun, 31 Mar 2024 20:03:32 +0100

On Sun, Mar 31, 2024 at 06:04:47AM -0500, G. Branden Robinson wrote:
> At 2024-03-31T11:30:25+0100, Colin Watson wrote:
> > I looked into what it would take for Debian's groff package to do a
> > full rebootstrap from its packaged version of gnulib. It seems
> > relatively straightforward, but it requires including bootstrap and
> > bootstrap.conf in tarballs so that we know what modules to use.
>
> 2 lines of diff naming the two files! I don't think it _gets_ more
> straightforward.
>
> It's so close to April Fool's Day, I would have been tickled if you'd
> submitted it more like this.

:-)

> They say this was a "sophisticated attacker", but it also appears to be
> one who didn't grasp that "> /dev/null" is redundant with "grep -q".

Some of the sophistication was burying the actual exploit in confusion,
of course ...

> > I've omitted README.git to ensure that we still warn people who don't
> > know what they're doing that running "./bootstrap" may not be the
> > right place to start.
>
> I approve of this change. Push it whenever you're ready unless you
> would like to await feedback from others. (Hard to imagine a case
> against, though.)

Done, thanks.

--
Colin Watson (he/him) [cjwatson@debian.org]