On Thu, 08 May 2008 09:17:08 -0400
Doug Goldstein <cardoe@g.o> wrote:

> Ryan Hill wrote:
> > The new lzma-utils codebase uses liblzma, written in C.  It's at the
> > alpha stage but supposedly supports encoding/decoding the current
> > lzma format "well enough" (;P).  It probably has some fun bugs to
> > find and squish.
> >
> > http://sf.net/mailarchive/forum.php?thread_name=200804251652.58484.lasse.collin%40tukaani.org&forum_name=lzmautils-announce

> According to the mailing list this change was done to fix security
> holes in the format and also resulted in a slightly different format
> that's incompatible with the previous verion. So lzma 5.x and higher
> will be a different on disk format. It's troubling to me that
> projects are using lzma when it's on disk format isn't even final and
> the project has security issues.

The current format is fine.  It's the new format that has
design/security issues.  Yes the formats are incompatible, but so
are .tar.lzma and .7z, which are both lzma.  Either way I was just
offering it as a data point.  I have no real opinion one way or the
other.


-- 
fonts, gcc-porting,                               by design, by neglect
mips, treecleaner,                        for a fact or just for effect
wxwidgets @ gentoo     EFFD 380E 047A 4B51 D2BD C64F 8AA8 8346 F9A4 0662