On Sat, Mar 30, 2024 at 11:55:04AM +0000, Luca Boccassi wrote: >... > In the end, massaged tarballs were needed to avoid rerunning > autoconfery on twelve thousands different proprietary and > non-proprietary Unix variants, back in the day. In 2024, we do > dh_autoreconf by default so it's all moot anyway. >...
The first step of the xz exploit was in a vendored gnulib m4 file that is not (and should not be) in git and that does not get updated by dh_autoreconf. cu Adrian
