Sourceware mitigating and preventing the next xz-backdoor

[Frank Ch. Eigler]

Hi -

>    This is very true, however a few words of caution: IME this is a
>    maintainability nightmare. Fixing patches that forgot to regenerate,
>    regenerating on rebase, confirming everything is up-to-date before
>    merge, etc etc. It can be handled, I have, but it was painful and
>    time-consuming.The hardest part was ensuring everyone was actually
>    running the "right" version of Auto* [...]

One way to make the nightmare into a light hassle is to let developers
commit auto* hand-written inputs with or without Complete Properly
refreshed generated bits, and let a maintainer or bot (but I repeat
myself) periodically regenerate the derived auto* content.

- FChE