Hello. In light of the fiasco caused by the discovery of a backdoor in the
component _xz_ in a known version range, is there at this time a consensus on
compression for future releases within the RPM/DNF component developer teams,
in order to consider moving away from **XZ Utils**, e.g. in favor of the _zstd_
**(Zstandard**) component?
Components pertinent for the context that currently require it:
```
$ dnf -q rq --installed --alldeps --whatrequires xz-libs --qf '%{name} v.
%{version}' \
| grep -E 'rpm|dnf|^libdnf|^libsolv'
deltarpm v. 3.6.3
libsolv v. 0.7.28
rpm-libs v. 4.19.1.1
```
P.S. _xz-libs_ component provides _/usr/lib64/liblzma.so*_.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/discussions/3021
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/repo-discussions/3...@github.com>_______________________________________________
Rpm-maint mailing list
Rpm-maint@lists.rpm.org
http://lists.rpm.org/mailman/listinfo/rpm-maint
