Consider the following: rust rewrites of projects like coreutils exist purely to remove copyleft licensing.

stf@chaos.social

@sundew @maxine most of the utils in coreutils have no remote attack surface and run without suid bit, so neither local privilege escalation is an issue. so the threat model really does not include memory-safety in any important way. thus the whole rewrite coreutils in rust for security is utter bullshit.

luxliquida@critter.cafe

@maxine Tangential, the Phoronix forums seem to be absolutely flooded with transphobia and other bigotry... I know "don't read the comments" is common sense, but they really need moderators over there ‍️

maxine@hachyderm.io

@luxliquida I resent using Phoronix as a source here but I didn’t find another quickly, but yes, the community of that site is an absolute cesspit. Has been as long as I remember.

sundew@beige.party

@stf @maxine

I think memory safety issues in any program can still be very bad news. One example:
https://www.csoonline.com/article/549634/vulnerability-in-widely-used-strings-utility-could-spell-trouble-for-malware-analysts.html

Sure, a safety issue in a webserver is worse than in a utility, but I'd still like all the software I use to be memory-safe.

Even if you're not doing full-on malware analysis, I'd like to know it's safe to run basic utilities on files downloaded from the internet without having to worry about RCE.

hipsterelectron@circumstances.run

@maxine also forgot about the c2rust ones https://circumstances.run/@hipsterelectron/116453862836059542

rustynail@floss.social

@torb @txt_file @maxine android uses Linux just fine and it's getting more and more closed. The way I understood it is it's legal because as far as Linux is concerned, all parts of android outside of the kernel are no different from random proprietary apps you can run on your desktop, which is not even a GPL thing but a special additional clause in the Linux license

kelpana@mastodon.ie

@flesh @maxine @bms48 Agreed, MIT is appropriate, even necessary in some circumstance - Godot engine would not be possible without MIT licensing. However, projects like this effectively laundering the licence shouldn't be tolerated.

flixxie@troet.cafe

@maxine can you explain to a license noob what copyleft licensing means?

bms48@mastodon.social

@kelpana @flesh @maxine I can't quite understand the correlation between "rewrite in Rust" and "adopt permissive licensing", nor do I imply causation from it, as some mention. But the stated arguments in defence of these actions seem specious at best. "If it ain't broke, don't fix it" goes the old wisdom, but they insist on footgunning themselves, citing "oh because it's memory-safe". I don't run conspiracy theory either way, I just mentally read it in the Homer Simpson voice. DOH!

ranidspace@wetdry.world

@maxine a good thing to note is that while Rust is licensed permissively, you can license rust programs with whatever you want, including copyleft licenses.

This isn't a rust rewrite problem, this is a general rewrite problem

nicr9@techhub.social

@maxine From the rust coreutils repo:

> Goals
> uutils coreutils aims to be a drop-in replacement for the GNU utils. **Differences with GNU are treated as bugs.**

I guess I should file a licence change PR?

GitHub - uutils/coreutils: Cross-platform Rust rewrite of the GNU coreutils

Cross-platform Rust rewrite of the GNU coreutils. Contribute to uutils/coreutils development by creating an account on GitHub.

GitHub (github.com)

lx@mas.to

@flixxie @maxine Copyleft means people can create modified versions of the software but must pass on that right to recipients. In contrast to BSD where the maker of a modified version can choose to keep it proprietary.