Re: Switching away from XZ

To: Martin Husemann <martin%duskware.de@localhost>
Subject: Re: Switching away from XZ
From: Jonathan Schleifer <js%NetBSD.org@localhost>
Date: Fri, 5 Apr 2024 11:14:10 +0200

Am 04.04.24 um 08:18 schrieb Martin Husemann:

I am not sure what you suggest to do. Running sed from a script and
replacing all .tar.xz suffixes in pkgsrc makefiles obviously won't
work. It is not our choice how other projects package their sources.

The suggestion would be for packages that offer both xz and anotherformat, to switch to the other format, to make sure that we have as fewpackages on xz as possible to keep the attack surface as small as possible.

Manually going through all packages using .tar.xz, checking if upstream
provides different compression formats (as some of them do) and
selecting a different one, testing and committing that change is
something that would work.


Yep, that was exactly the proposal.

Arbitrarily declaring a new prefered format (like zstd) is nice but has no
practical effect, IMHO.

And that was never the proposal :). The proposal was to be pragmatic andswitch what we easily can.


--
Jonathan

References:
- Switching away from XZ
  - From: Jonathan Schleifer
- Re: Switching away from XZ
  - From: Alistair Crooks
- Re: Switching away from XZ
  - From: Jonathan Schleifer
- Re: Switching away from XZ
  - From: Jonathan Schleifer
- Re: Switching away from XZ
  - From: Martin Husemann

Prev by Date: Re: Switching away from XZ
Next by Date: Re: Switching away from XZ
Previous by Thread: Re: Switching away from XZ
Next by Thread: Re: Switching away from XZ
Indexes:

Home | Main Index | Thread Index | Old Index