[[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
> > Another related check that /would/ have caught this attempt would be > > comparing the aclocal m4 files in a release against their (meta)upstream > > sources before building a package. This is something distribution > > maintainers could do without cooperation from upstream. If > > m4/build-to-host.m4 had been recognized as coming from gnulib and > > compared to the copy in gnulib, the nonempty diff would have been > > suspicious. I have a hunch that some effort is needed to do that comparison, but that it is feasible to write a script to do it could make it easy. Is that so? -- Dr Richard Stallman (https://stallman.org) Chief GNUisance of the GNU Project (https://gnu.org) Founder, Free Software Foundation (https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org)
