• shirro@aussie.zone
    link
    fedilink
    English
    arrow-up
    22
    arrow-down
    1
    ·
    edit-2
    8 months ago

    It is a compression library that is in the dependency tree for a large number of other packages though not as many as zlib which is in practically everything.

    xz development appears to have been compromised by some organisation in a long game targeting sshd in Debian and derivatives. Debian maintainers have a nasty habit of adding lots of patches to upstream sources which occasionally have unintended consequences. I am a long term Debian user but I wish they would stop doing this. Thankfully arch generally doesn’t modify upstream as much as Debian and arch sshd doesn’t link in the backdoored library.

    • SubArcticTundra
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Ah I see. Are there any reasons why people would choose to use xz over zlib?

      • Supermariofan67@programming.dev
        link
        fedilink
        arrow-up
        9
        ·
        8 months ago

        It compresses much better, by a lot, as zlib/deflate is an ancient algorithm made back when computers only had a few megabytes of ram.

        Nowadays though, zstd seems to be replacing both of them, as at max level it compresses about as well as xz while also being faster. Nevertheless, many programs link against all the common compression algorithms (xz/zlib/zstd/bz2) to support everything