Move away from autoconf?
Although I literally own two "I hate autoconf" t-shirts, I've always been extremely skeptical of the various new build systems which have attempted to replace it. They just introduce their own problems and compatibility issues (and I've literally found myself unable to easily build certain projects because they require a new version of meson/cmake/whatever).
Following the xz debacle, though, I'm wondering if we should switch. The problem with autoconf is that you end up with generated files in the tarball which aren't in git. And we do have a bunch of binary files that could be used to hide stuff, just like in the xz case (although I did ensure we have Makefile rules for all of them, I think).
That said, there's a whole bunch of other places, especially in testing (some of which even uses sudo!) that baroque scripting could be used to hide bad things. But that would have to be in git, not just slipped into a tarball.
Discuss.