Ubuntu explores replacing gnu utils with rust based uutils
-
Time for Mecha-Stallman to declare war.
The time has come to GNU-slash the enemies of freedom!
-
GNU/Linux
Rust/Linuxuutils/Linux?
-
the deGPLification of the Linux ecosystem ffs
Kinda like a full 180° back to UNIX
. -
See other comments: all these rewrites are not using the GPL but rather permissive licenses like MIT. Bye-bye FOSS (in those ecosystems).
-
Mainly memory safety;
split(which is also used for other programs likesort) had a memory heap overflow issue last year to name one.
The GNU Coreutils are well tested and very well written, the entire suite of programs has a CVE only once every few years from what I can see, but they do exist and most of those would be solved with a memory and type safe language.That said, Rust also handles parallelism and concurrency much better than C ever could, though most of these programs don't really benefit from that or not much since they already handled this quite well, especially for C programs.
-
I wonder whether Linux Mint will follow suit?
Likely not anytime soon as they tend to hold off latest features and prefer older (but maintained) LTS versions of just about everything.
Also especially not if it turns out to be a bad idea; they explicitly build Mint without Snaps since their inclusion in the Ubuntu base. -
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
Take the recent rsync vulnerabilities for example.
At least this one in a Rust implementation of rsync would have very likely been avoided:
CVE-2024-12085 – A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Info Leak via uninitialized Stack contents defeats ASLR.
-
I wonder whether Linux Mint will follow suit?
As I recall ubuntu still allows changing uutils to coreutils. So it looks like Linux Mint will continue to use coreutils instead of uutils
-
See other comments: all these rewrites are not using the GPL but rather permissive licenses like MIT. Bye-bye FOSS (in those ecosystems).
I don't like them moving away from gpl but there were already plenty of non-gpl coreutils clones, so, i'm not sure how much it really matters as long as the linux kernel is still gpl.
-
So i hear that removing all the gnu stuff opens linux to be redistributed with a bew liesinse like mit. Which means its a little more closed iff a little more monitized.
Not knowledge enough on my own to know for sure. If someone with more knowledge could explain.
This is one of the old-time original arguments in the OSS community.
The crux of the matter is that the GNU licenses require that modifications be released back to the community. Other "more permissible" licenses like MIT do not.
So if you want to make a commercial version of X, and X is under a GPL, then any changes you make need to be released under the GPL. The idea being "I shared this code with the community with the intent that you can use it for free and modify it as you like, but you need to share back what you do." Also called "Share and share alike".
This defends against "embrace, extend, extinguish" tactics that companies like Microsoft has loved to do. They can't take your code, modify it for their own purposes and re-sell it possibly making a more popular version that is now proprietary.
-
I don't like them moving away from gpl but there were already plenty of non-gpl coreutils clones, so, i'm not sure how much it really matters as long as the linux kernel is still gpl.
Unlike the other alternative coreutils, uutils focuses on GNU compatibility. If you depend on GNUisms, this allows you to unGNU & unGPLv3+ your system.
-
I don't like them moving away from gpl but there were already plenty of non-gpl coreutils clones, so, i'm not sure how much it really matters as long as the linux kernel is still gpl.
as long as the linux kernel is still gpl.
I seem to recall some drama about rust in the kernel... what could that mean...
-
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
Take the recent rsync vulnerabilities for example.
At least this one in a Rust implementation of rsync would have very likely been avoided:
CVE-2024-12085 – A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Info Leak via uninitialized Stack contents defeats ASLR.
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
So you prefer closed-source code to potentially unsafe open-source code?
Take the recent rsync vulnerabilities for example.
Already fixed, in software that's existed for years and is used by millions. But Oh no, memory issues, let's rewrite that in <language of the month>! will surely result in a better outcome.
-
Mainly memory safety;
split(which is also used for other programs likesort) had a memory heap overflow issue last year to name one.
The GNU Coreutils are well tested and very well written, the entire suite of programs has a CVE only once every few years from what I can see, but they do exist and most of those would be solved with a memory and type safe language.That said, Rust also handles parallelism and concurrency much better than C ever could, though most of these programs don't really benefit from that or not much since they already handled this quite well, especially for C programs.
but they do exist and most of those would be solved with a memory and type safe language.
Maybe.
Still, there are other sources of bugs beyond memory management.
And i'd rather have GPL-ed potentially unsafe C code to... closed-source Rust code.
-
as long as the linux kernel is still gpl.
I seem to recall some drama about rust in the kernel... what could that mean...
All the kernel Rust code is GPL, so you can leave that slippery slope alone. MIT licenced core utils just leave the door open to eventually using them in the BSDs as well.
-
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
So you prefer closed-source code to potentially unsafe open-source code?
Take the recent rsync vulnerabilities for example.
Already fixed, in software that's existed for years and is used by millions. But Oh no, memory issues, let's rewrite that in <language of the month>! will surely result in a better outcome.
They're MIT licensed.
-
I would love this news if it didn't move away from the GPL.
Mass move to MIT is just empowering enshittification by greedy companies.
What does the license change actually mean? What are the differences?
-
What does the license change actually mean? What are the differences?
The code can be taken and used in close source projects
-
as long as the linux kernel is still gpl.
I seem to recall some drama about rust in the kernel... what could that mean...
That has nothing to do with anything. rust code has nothing to do with the license.
-
as long as the linux kernel is still gpl.
I seem to recall some drama about rust in the kernel... what could that mean...
Nothing. The language used has absolutely nothing to do with the license.
