In public discussions about the backdoor recently discovered in xz-utils, I
have noticed that some people are considering a possible switch to lzip but
are worried that the same social engineering techniques that made possible
the insertion of the backdoor in xz might also be used against lzip. I would
like to explain why I think this is not the case.

I don't write free software for fun (even if I enjoy writing it) nor for
competing with other fellow developers. I wrote lzip because there was a
need to replace the lzma-alone format. I think lzip is a good format and
good software. I am very pleased that NASA, the IANA Time Zone Database,
and many others have found lzip useful. I believe in human progress and I
consider lzip as one of my contributions to the common good. I am therefore
very careful about the maintenance of lzip.

I have been a GNU maintainer for more than 20 years and I plan to maintain
lzip for many more years. But if something bad happens to me, my daughter is
ready to continue maintaining it. She has been helping me for years, and is
familiar with the code of my programs. In fact she has borrowed some of my
code for her own programs. She has also translated the pages of some of my
programs.

Moreover, when the day comes that the GNU project needs to find adequate
replacement maintainers for my GNU packages, it will be easy for any of the
new maintainers to also maintain lzip because lzip shares a good amount of
code with my GNU packages and maintaining it takes little work.

So, if you are considering a possible switch to lzip, rest assured that lzip
has a low probability of suffering maintenance problems in the foreseeable
future.

Finally I would like to show my support for Lasse Collin, who seems to be
the main victim of this incident.

Best regards,
Antonio.
- Statement about the maintenance of lzip Antonio Diaz Diaz