It is a compression library that is in the dependency tree for a large number of other packages though not as many as zlib which is in practically everything.
xz development appears to have been compromised by some organisation in a long game targeting sshd in Debian and derivatives. Debian maintainers have a nasty habit of adding lots of patches to upstream sources which occasionally have unintended consequences. I am a long term Debian user but I wish they would stop doing this. Thankfully arch generally doesn’t modify upstream as much as Debian and arch sshd doesn’t link in the backdoored library.
Why does xz exist anyway?
It is a compression library that is in the dependency tree for a large number of other packages though not as many as zlib which is in practically everything.
xz development appears to have been compromised by some organisation in a long game targeting sshd in Debian and derivatives. Debian maintainers have a nasty habit of adding lots of patches to upstream sources which occasionally have unintended consequences. I am a long term Debian user but I wish they would stop doing this. Thankfully arch generally doesn’t modify upstream as much as Debian and arch sshd doesn’t link in the backdoored library.
It provides
liblzma
, an implementation of the lzma compression algorithmWhy does lzma exist anyway?
Exactly. People should just use zip for their compression libraries. Way more efficient