-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 According to Ralf Corsepius on 4/21/2008 11:49 PM: | I am not upgrading the distro. I want to enable to developers to work on | my sources. Therefore, I am shipping autoconf+automake add-on packages | (Installed to /opt/...). | | ... now, autoconf is forcing me to also ship gm4. | | To me, this is a massive regression on autoconf's part.
I'm sorry you feel this is a regression, but autoconf has required gm4 for ages, and only now are we enforcing that gm4 is new enough to not silently generate broken configure files. | | What will be next - bash-X, gawk-Y? No. The resulting configure scripts do not depend on a particular bash or gawk version, so why should autoconf itself? In other words, it could be considered a regression if we added a dependence on a tool that we had not previously depended on. But we have depended on working gm4 and perl for YEARS. | | These distros are ultra-conservative, ... security fixes only, and | hardly any upgrades ever. And m4 1.4.4 and earlier have KNOWN security bugs. Your distro is doing you a disservice by not upgrading it. Even m4 1.4.10 has a known stack overrun/arbitrary code execution bug when abusing the -F option that was only fixed in 1.4.11. And guess what - autoconf uses the -F option (at least autoconf doesn't tickle the m4 bug in the normal use case of portable file names). - -- Don't work too hard, make some time for fun as well! Eric Blake [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (Cygwin) Comment: Public key at home.comcast.net/~ericblake/eblake.gpg Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgN138ACgkQ84KuGfSFAYBN3gCg1DaVTF3WSJ6Z3oBJUpj2lRk2 GxQAnA4WcbZRpaQkJJfOP7yqoVYXZMuM =vgD3 -----END PGP SIGNATURE-----