That was my immediate reaction here: one of the reasons the xz backdoor was possible is that nobody is going to question the idea of shipping a tarball to spare users from having to touch Autotools.
Of course I wouldn't think of manually hacking together Makefiles since I come from languages that have either the One True Build Tool or a standard for packaging and defining build backends.
I think the author's aversion to build tools trying (and apparently failing) to make everyone's life easier is more a statement about how much C/C++ have suffered from not having a standard for packages.
C/C++ have suffered from not having a standard for packages
On top of the languages being a wonderful torture devices, their ecosystems are hell: SCons, Make, CMake, autotools, the configure scripts, lacking package management with no registry, no version locks, no good opensource IDEs, etc. . While the language has simply become a dumping ground for every paradigm known to programmers, the ecosystem is stuck in the 90s.
That was my immediate reaction here: one of the reasons the xz backdoor was possible is that nobody is going to question the idea of shipping a tarball to spare users from having to touch Autotools.
Of course I wouldn't think of manually hacking together Makefiles since I come from languages that have either the One True Build Tool or a standard for packaging and defining build backends.
I think the author's aversion to build tools trying (and apparently failing) to make everyone's life easier is more a statement about how much C/C++ have suffered from not having a standard for packages.
On top of the languages being a wonderful torture devices, their ecosystems are hell: SCons, Make, CMake, autotools, the configure scripts, lacking package management with no registry, no version locks, no good opensource IDEs, etc. . While the language has simply become a dumping ground for every paradigm known to programmers, the ecosystem is stuck in the 90s.
::: spoiler Anti Commercial AI thingy CC BY-NC-SA 4.0 :::