• @[email protected]
    link
    fedilink
    English
    28 months ago

    There’s actually not that much autotools jank, really. There’s configure.ac and a few Makefile.am. The CMakeLists.txt in the root is bigger than any of those files.

    There’s also some stuff from autotools archive in m4/. IMO that’s a bad practice and we should instead be referencing them as a build dependencies.

    I’m not convinced this backdoor would have been significantly more difficult to hide in the cmake code.

    • @[email protected]
      link
      fedilink
      English
      38 months ago

      My point was that packagers should use straight up VCS and run all build tools instead of relying on partially pre-built tarballs uploaded by the upstream maintainers.