On 4/9/24 14:58, Sam James wrote:
Meson doesn't allow user-defined functions
Meson has ways to execute arbitrary user-defined code, so it's not immune to this sort of exploit.
It's of course better (all other things being equal) to use a build system with a smaller attack surface. However, any surface of nonzero size is attackable, so I'm not convinced that Meson is significantly safer against a determined insider. Although the xz exploit was tricky and is now famous (hey! the front page of the New York Times!) fundamentally it was sloppy and amateurish and it succeeded only because xz's project management was even sloppier.
Yes, we need to defend against amateurish attacks. But we shouldn't waste valuable developer time on defenses that won't work against obvious future attacks and that will likely cost more than they'll benefit. That's just security theater.