Re: GNU Coding Standards, automake, and the recent xz-utils backdoor

[Eric Gallager]

On Sat, Mar 30, 2024 at 5:41 PM Bruno Haible <bruno@clisp.org> wrote:
>
> Eric Gallager wrote:
> > Recommending the `distcheck` target to a wider variety of users would
> > help more projects catch mismatches between things a distribution
> > tarball is supposed to contain, and things that it isn't.
>
> While 'make distcheck' detects some of these mismatches, it does not
> detect them all. In particular:
>
>   * In order to detect that a tarball contains too many files, that is,
>     some files that the release manager did not intend to include,
>     the best way is to compare the file list of the current tarball
>     with the previous version:
>       $ diff -r -q package-prev_version/ package-curr_version/
>
>   * In order to detect whether the packaged file list is consistent
>     with the .gitignore file, one can use
>       $ git status -u
>
> Bruno
>

Hm, so should automake's `distcheck` target be updated to perform
these checks as well, then?