What are the thoughts on this
In other words the Busybox in rust?
Well if you’re interested in distros, or Fedora adopting it, the Coreutils use the GPL license while this project you linked in the MIT license which might prevent distros from shipping it in place of the current GNU Utils.
I don’t know much about license but what i read about it was said that it is comparable with gpl v2 more than gpl v3
The MIT license is generally very permissive and not a problem for Fedora. (It’s on the allowed list.) Many companies prefer it because it does not impose any “share-back” copyleft obligations. And correspondingly, some people who want to make sure open source stays open are skeptical of projects to replace key libraries and components which use the GPL with non-copyleft licenses. In particular, Busybox is used a lot of places, including home routers, and has been instrumental in getting companies to open access to those devices.
So, that’s certainly in the background of any conversation around this. But setting it aside for a moment, I think the movement to use more-safe languages is good one, and I love Rust. So it’s worth following. But it’s also worth considering that we have years of experience with features, bugfixes, interface quirks, and so on with the existing coreutils. A replacement would need to be very compatible.
Yes but as fedora want to be more secure in nature by default next 5years so i think it make sense to have a build with this. So it can be tested and if it is really good it can be replaced as it aims to do. I really like the rust lang don’t and i got more interest when it was introduced in kernel. And asahi gpu driver was rust written and it was stable i was following that project so memory safe language is really good. And memory safety releted bugs are 70% cause vulnerabilities
Here is a new update which solves many more stuff. can we now think if we can shift to more rust stuff like gnuutils to coreutils so system can be more memory safe.
Having memory safety is important.
“Memory safe” is certainly an important class of bugs, but this is, as the name says, core stuff. Our current coreutils package dates back to 2001 or so, and is the combination of various packages older than that. There are a lot of bugs which have been shaken out — and many of those bugs will surely have security implications even in a “safe” language.
There’s an old saying in software: there is no silver bullet. That is: there’s no one easy thing that solves the problem.
The rust coreutils package is version 0.0.22
. This is a strong indication that the upstream developers do not think it is ready for prime-time. And, in fact: they clearly note that it doesn’t pass many of the current coreutils test suite:
It’s on the way — but not close to parity. And that’s only things that there’s a test for.
Of course, this doesn’t mean that this can’t be packaged in Fedora as an option. It just seems a long way off from serious conversations about making it the default.
Lets keep this hold for another year and see if we can add it in fedora. But it canbe packaged so it can be tested. With fedora systems