
> This article started with a series of posts to the debian-devel mailing list [Debian], where it became clear that nobody had analyzed xz in any depth before adopting it in the Debian package format.

Debian source packages are cryptographically signed. Debian archives are also cryptographically signed. There's no error-correction, but you don't want that. You just want to verify integrity every time you make a copy, and re-copy if it didn't copy right. And all the tools do that.

I remember this discussion on debian-devel, and there were a lot of people pointing out that the author's guesses at Debian's threat model had little to do with Debian's actual threat model, at which point the author became frustrated.
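The "verify on every copy, re-copy if it didn't copy right" workflow the comment above describes, as an added example (not from the commenter or from Debian's tools): a copy is only accepted once the destination's SHA-256 digest equals the source's, and a mismatch triggers another copy attempt. The `.deb`-like sample file and the `FlakyCopier` fault injector are constructed here to show the retry path.

```python
import hashlib
import os
import shutil
import tempfile


def sha256_file(path: str, chunk: int = 1 << 16) -> str:
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def verified_copy(src: str, dst: str, copy=shutil.copyfile, attempts: int = 3) -> int:
    """Copy src to dst, re-copying until the digests agree.

    Returns the number of attempts used; raises IOError if the copy never
    verifies. `copy` is injectable so a faulty transport can be simulated.
    """
    expected = sha256_file(src)
    for n in range(1, attempts + 1):
        copy(src, dst)
        if sha256_file(dst) == expected:
            return n
    raise IOError(f"copy of {src} still corrupt after {attempts} attempts")


class FlakyCopier:
    """Constructed fault injector: the first `bad` copies get one byte flipped."""

    def __init__(self, bad: int):
        self.bad = bad
        self.calls = 0

    def __call__(self, src: str, dst: str) -> None:
        self.calls += 1
        shutil.copyfile(src, dst)
        if self.calls <= self.bad:
            with open(dst, "r+b") as f:
                first = f.read(1)
                f.seek(0)
                f.write(bytes([first[0] ^ 0xFF]))  # guaranteed to differ from the original byte


def demo(bad_copies: int = 2) -> int:
    """Write a constructed archive-like file, copy it over a flaky transport,
    and return how many attempts the verified copy needed."""
    with tempfile.TemporaryDirectory() as d:
        src = os.path.join(d, "pkg.deb")
        dst = os.path.join(d, "copy.deb")
        with open(src, "wb") as f:
            f.write(b"!<arch>\n" + os.urandom(4096))  # constructed sample payload
        return verified_copy(src, dst, copy=FlakyCopier(bad_copies), attempts=5)


if __name__ == "__main__":
    print("attempts needed:", demo(2))
```

The digest here only checks that the copy is bit-identical to the source; authenticity of the source itself is what the archive and source-package signatures the comment mentions provide, and that check sits before this one.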



The Debian file format also doesn't take advantage of any supposed benefit of xz over lzma, and so is simply taking in the cost of xz's larger file size for what I consider to be "absolutely no good reason" (and as a major downstream of dpkg I pointed this out to its author a month or two ago when I re-asserted non-deprecated status for .lzma Debian packages as now one of only two noticeable changes I maintain to dpkg).



