[Discuss] Debian 12 in the Cloud

[Kent Borg]

On 5/31/24 14:31, Rich Pieri wrote:
> It was very cleverly, and very insidiously, concealed in a test harness
> used by automated build systems to validate the builds, in tarballs you
> probably would not have used, and even then it was triggered only under
> very specific conditions.

Jeeze. Sounds to me like an argument for stuff being too complex is a 
bad idea.

I more than once have argued that I should be allowed to merge test code 
that is repetitive, straight line stuff, and is not clever and is not 
factored into terse abstractions, hidden in layers of test harnesses 
that please programmers. Because test code should be simple. It should 
be *simpler* than the code it tests. But what fun is that?


> If systemd weren't nigh-ubiquitous target then they would have 
> targeted something else.
>
You seem to be arguing that a state actor did this therefore nothing 
could have been done, nothing could be improved, everyone is blameless.

I say anyone patching OpenSSH is a really, really iffy idea. I say 
systemd is too complex. I say xz using obscure M4 scripts few people 
*ever* understood was an unfortunate decision that proved dangerous.


-kb