• Corngood
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    There’s actually not that much autotools jank, really. There’s configure.ac and a few Makefile.am. The CMakeLists.txt in the root is bigger than any of those files.

    There’s also some stuff from autotools archive in m4/. IMO that’s a bad practice and we should instead be referencing them as a build dependencies.

    I’m not convinced this backdoor would have been significantly more difficult to hide in the cmake code.

    • flying_sheep
      link
      fedilink
      English
      arrow-up
      3
      ·
      7 months ago

      My point was that packagers should use straight up VCS and run all build tools instead of relying on partially pre-built tarballs uploaded by the upstream maintainers.

      • Corngood
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        Oh yeah, that was pretty much the point I was trying to make too.