Conversation
:umu: :umu: (a1ba@suya.place)'s status on Tuesday, 24-Jun-2025 23:39:55 JST
@thesamesam lol cmake
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Jun-2025 23:39:51 JST
@a1ba @uis @thesamesam Well there's only one that's a (confirmed) vector for malware :D
:umu: :umu: (a1ba@suya.place)'s status on Tuesday, 24-Jun-2025 23:39:52 JST
@uis @thesamesam idk what's worse cmake or autotools
uis (uis@pone.social)'s status on Tuesday, 24-Jun-2025 23:39:53 JST
@a1ba @thesamesam should have used KConfig?
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Jun-2025 23:51:11 JST
@a1ba @uis @thesamesam Well so are GNU's numerous extensions and various abuses of m4 (such as loops).
:umu: :umu: (a1ba@suya.place)'s status on Tuesday, 24-Jun-2025 23:51:12 JST
@lanodan @uis @thesamesam cmake's language is a malware for brain
mittorn (mittorn@masturbated.one)'s status on Tuesday, 24-Jun-2025 23:51:58 JST
@lanodan @uis @thesamesam @a1ba or only one yet.
autotools at least does not have FetchContent, while cmake may SILENTLY download something. This might be good for a separate task, not during configure
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Tuesday, 24-Jun-2025 23:54:14 JST
@mittorn @uis @thesamesam @a1ba I think CMake FetchContent can be disabled at least?
But well if fetches can be a threat, given all buildsystems allow executing arbitrary commands during build, you should use some kind of isolation (such as unshare or bwrap).
uis (uis@pone.social)'s status on Tuesday, 24-Jun-2025 23:58:44 JST
@mittorn @lanodan @thesamesam @a1ba last year I tried to package librosa for Gentoo. It kept triggering the sandbox by trying to download test data from the internet even if it was already downloaded. Ebuilds allow network access only during the fetch phase.
mittorn (mittorn@masturbated.one)'s status on Wednesday, 25-Jun-2025 01:29:37 JST
@a1ba @uis @lanodan @thesamesam anyway, safe fetching should always include checksums and fetch should not be done in the configuration stage, it must be a separate stage. And FetchContent is worse than calling wget because it's a standard feature (so cmake at some point advertises using it)
:umu: :umu: (a1ba@suya.place)'s status on Wednesday, 25-Jun-2025 01:29:38 JST
@mittorn @lanodan @uis @thesamesam btw I remember using it and while, yes, it can download and unpack stuff, it's weird that it's not verbose by default. Not arguing if it's an attack vector or something, just... why silent
Haelwenn /элвэн/ :triskell: (lanodan@queer.hacktivis.me)'s status on Wednesday, 25-Jun-2025 01:31:21 JST
@mittorn @a1ba @uis @thesamesam I'd even say it shouldn't be done at all but I can already hear the whines from devs that have to support Windows users.