On 5/31/24 14:31, Rich Pieri wrote:
It was very cleverly, and very insidiously, concealed in a test harness
used by automated build systems to validate the builds, in tarballs you
probably would not have used, and even then it was triggered only under
very specific conditions.
Jeeze. Sounds to me like an argument for stuff being too complex is a
bad idea.
I more than once have argued that I should be allowed to merge test code
that is repetitive, straight line stuff, and is not clever and is not
factored into terse abstractions, hidden in layers of test harnesses
that please programmers. Because test code should be simple. It should
be *simpler* than the code it tests. But what fun is that?
If systemd weren't nigh-ubiquitous target then they would have
targeted something else.
You seem to be arguing that a state actor did this therefore nothing
could have been done, nothing could be improved, everyone is blameless.
I say anyone patching OpenSSH is a really, really iffy idea. I say
systemd is too complex. I say xz using obscure M4 scripts few people
*ever* understood was an unfortunate decision that proved dangerous.
-kb
_______________________________________________
Discuss mailing list
Discuss@driftwood.blu.org
https://driftwood.blu.org/mailman/listinfo/discuss
