Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide

To: debian-devel@lists.debian.org
Subject: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
From: Vincent Lefevre <vincent@vinc17.net>
Date: Sun, 26 Jul 2015 21:18:27 +0200
Message-id: <[🔎] 20150726191827.GA11938@zira.vinc17.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 55B4CE22.9050304@gnu.org>
References: <20150614034559.GA10559@gaara.hadrons.org> <[🔎] 55B4CE22.9050304@gnu.org>

On 2015-07-26 14:10:10 +0200, Antonio Diaz Diaz wrote:
> Guillem Jover wrote:
> >TBH this smells like FUD. For example I've never heard of corruption in
> >.xz files due to non-robustness, I'd expect that corruption to come from
> >external forces, and that integrity would help or not detect it.
> 
> Sure it comes from external forces, but xz does something that no other
> compressor does: even if the corruption does not affect the data and xz is
> able to produce perfectly correct output, it will report "Compressed data is
> corrupt" and will exit with non-zero status anyway. Just take any xz file
> and append a null character to it. Bzip2, gzip and lzip simply ignore the
> extra byte.
> 
> But not only that. Xz is the only format (of the four mentioned) whose parts
> need to be aligned to a multiple of four bytes. The size of a xz file must
> also be a multiple of four bytes. To achieve this, xz includes padding
> everywhere; after headers, blocks, the index, and the whole stream. The bad
> news is that if the (useless) padding is altered in any way, "the decoder
> MUST indicate an error" according to the xz format specification.
> 
> This is specially bad when xz is used with tar, making the whole command to
> fail and the whole archive to be discarded as corrupt.
> 
> And this fragility is one of the perverse effects of the unbelievably stupid
> design of xz; "It is possible that there is a new field present which the
> decoder is not aware of, and can thus parse the Block Header
> incorrectly[1]".
> 
> [1] http://tukaani.org/xz/xz-file-format.txt (see 3.1.6. Header Padding)
> 
> So yes, the xz format is objectively more fragile than the other three.

I completely disagree. IMHO, a decompressor should be very strict and
detect any suspicious modification. In case of error, it is better to
carefully check with a second source of the compressed file.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Re: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
  - From: Antonio Diaz Diaz <antonio@gnu.org>
- Re: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
  - From: Antonio Diaz Diaz <antonio@gnu.org>

References:
- Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
  - From: Antonio Diaz Diaz <antonio@gnu.org>

Prev by Date: Trouble making an ITP - continued
Next by Date: Bug#793733: ITP: minizinc-ide -- MiniZinc constraint modelling language IDE
Previous by thread: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
Next by thread: Re: Re: Adding support for LZIP to dpkg, using that instead of xz, archive wide
Index(es):
- Date
- Thread