| 1 |
Ryan Hill wrote: |
| 2 |
> On Wed, 07 May 2008 16:23:12 +0300 |
| 3 |
> Mart Raudsepp <leio@g.o> wrote: |
| 4 |
> |
| 5 |
> |
| 6 |
>> Hello, |
| 7 |
>> |
| 8 |
>> Over the course of this year, a lzma-utils buildtime dependency has |
| 9 |
>> been added to a few system packages, to handle .tar.lzma tarballs. |
| 10 |
>> This has huge implications on the requirement of the system toolchain, |
| 11 |
>> which is highly disturbing from a minimal (lets say embedded) systems |
| 12 |
>> concern - lzma-utils depends on the C++ compiler and the libstdc++ |
| 13 |
>> beast, while a minimal system would like to avoid this at all cost. |
| 14 |
>> |
| 15 |
> |
| 16 |
> The new lzma-utils codebase uses liblzma, written in C. It's at the |
| 17 |
> alpha stage but supposedly supports encoding/decoding the current lzma |
| 18 |
> format "well enough" (;P). It probably has some fun bugs to find |
| 19 |
> and squish. |
| 20 |
> |
| 21 |
> http://sf.net/mailarchive/forum.php?thread_name=200804251652.58484.lasse.collin%40tukaani.org&forum_name=lzmautils-announce |
| 22 |
> |
| 23 |
> |
| 24 |
According to the mailing list this change was done to fix security holes |
| 25 |
in the format and also resulted in a slightly different format that's |
| 26 |
incompatible with the previous verion. So lzma 5.x and higher will be a |
| 27 |
different on disk format. It's troubling to me that projects are using |
| 28 |
lzma when it's on disk format isn't even final and the project has |
| 29 |
security issues. |
| 30 |
-- |
| 31 |
gentoo-dev@l.g.o mailing list |
Archives