This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Steering committee, please, consider using lzip instead of xz


On Thu, Jun 08, 2017 at 11:27:30AM +0200, Antonio Diaz Diaz wrote:
> Gzip was once ubiquituous in distro packages and it was replaced. But this
> time distros won't lead the change because they can work around the main
> defects of xz. As you can read in section 2.2 of
> http://www.nongnu.org/lzip/xz_inadequate.html#fragmented

You keep referencing the marketing pages of one of the formats comparing to
other formats, that can be hardly considered unbiased.  Most of the
compression formats have similar kind of pages, usually biased as well.

> "Distributing software in xz format can only be guaranteed to be safe if the
> distributor controls the decompressor run by the user (or can force the use
> of external means of integrity checking)".
> 
> Distros control the package manager, which can even verify package
> signatures by default. For them xz, or even lzma-alone, is good enough. The
> only way for distros to change is that a significant number of upstream
> projects change first. This is why upstream projects willing and able to
> compare lzip and xz based on their technical merits are required to lead the
> way.

For integrity checking, gcc provides the md5.sum, sha512.sum files on
gcc.gnu.org and gpg signatures on ftp.gnu.org.  The choice of xz is that it
is used very widely these days, which is not the case of lzip.

	Jakub


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]