cpython-source-deps
Source for packages that the cpython build process depends on (by python)
lbzip2
Parallel bzip2 utility (by kjn)
cpython-source-deps | lbzip2 | |
---|---|---|
1 | 2 | |
21 | 125 | |
- | - | |
6.1 | - | |
about 2 months ago | over 1 year ago | |
C | ||
- | GNU General Public License v3.0 only |
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
cpython-source-deps
Posts with mentions or reviews of cpython-source-deps.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-29.
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
Python for Windows bundles liblzma from this project, but it appears to be version 5.2.5 [0] vendored into the Python project's repo on 2022-04-18 [1], so that should be fine, right?
[0] https://github.com/python/cpython/blob/main/PCbuild/get_exte...
[1] https://github.com/python/cpython-source-deps/tree/xz
lbzip2
Posts with mentions or reviews of lbzip2.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2024-03-29.
-
Xz format inadequate for long-term archiving (2022-02-02)
Spoiler: this lbzip2 code produces corrupted files in some cases, should we care if it is a backdoor? Or as usual, disable optimizations, disable valgrind, disable fuzzers and say that everything is ok?
[1] https://www.phoronix.com/news/Linux-6.9-Bcachefs-Attempt
[2] https://github.com/kjn/lbzip2/blob/b6dc48a7b9bfe6b340ed1f6d7...
-
Backdoor in upstream xz/liblzma leading to SSH server compromise
The website change reminds me a bit of lbzip2.org https://github.com/kjn/lbzip2/issues/26#issuecomment-1582645... Although, at the moment, it only seems to be spam. The last commit was 6 years ago, so I guess that's better than a maintainer change...
What are some alternatives?
When comparing cpython-source-deps and lbzip2 you can also consider the following projects:
stencil-golang - Template repository for Golang applications