@atrus @joeyh@hachyderm.io I think a more useful and realistic takeaway from the #xz #backdoor is that build systems should be clean, direct, simple, and easily readable. A key part was the m4 code in the build system that read the payload from the obfuscated test file. If the build system was easy to read, then it would have been a lot harder to do that.
@eighthave @joeyh My usual (slightly glib) response is to remind people how time-consuming dealing with the consequences of that generated content in the long term could be. 😛