• Corngood@lemmy.ml
    link
    fedilink
    English
    arrow-up
    2
    ·
    7 months ago

    There’s actually not that much autotools jank, really. There’s configure.ac and a few Makefile.am. The CMakeLists.txt in the root is bigger than any of those files.

    There’s also some stuff from autotools archive in m4/. IMO that’s a bad practice and we should instead be referencing them as a build dependencies.

    I’m not convinced this backdoor would have been significantly more difficult to hide in the cmake code.

    • flying_sheep@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      My point was that packagers should use straight up VCS and run all build tools instead of relying on partially pre-built tarballs uploaded by the upstream maintainers.