After the xz fiasco especially, I think less familiar and “config” style language, ahem, … dumps? should be avoided as best as possible in major projects. How many programmers know Bash well? How many can read a complex Makefile and determine that actually, this will load malware!, and so on?
I don’t know what the alternatives are, though. Declare everything in higher-level languages? Write your own compilation steps in a script-style short program (that’s not in a shell language, e.g. conf.py) and keep the actual config strictly “un-executable” (json, toml, yaml, …)? I am not at all an expert here; and complex build steps without make are probably also too much of a pain, especially in an already-established system.
Let's see if we can make it to April