[Rpm-maint] [rpm-software-management/rpm] Is there a move away from the XZ Utils component in progress? (Discussion #3021)

Ricky Tigg notifications at github.com
Fri Apr 5 12:30:23 UTC 2024


Hello. In light of the fiasco caused by the discovery of a backdoor in the component _xz_ in a known version range, is there at this time a consensus on compression for future releases within the RPM/DNF component developer teams, in order to consider moving away from **XZ Utils**, e.g. in favor of the _zstd_ **(Zstandard**) component?

Components pertinent for the context that currently require it:
```
$ dnf -q rq --installed --alldeps --whatrequires xz-libs --qf '%{name} v. %{version}' \
| grep -E 'rpm|dnf|^libdnf|^libsolv'
deltarpm v. 3.6.3
libsolv v. 0.7.28
rpm-libs v. 4.19.1.1
```
P.S. _xz-libs_ component provides _/usr/lib64/liblzma.so*_.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3021
You are receiving this because you are subscribed to this thread.

Message ID: <rpm-software-management/rpm/repo-discussions/3021 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20240405/38d28275/attachment.html>


More information about the Rpm-maint mailing list