An update on the rust-coreutils rewrite for Ubuntu 26.04
Posted by self@reddit | programming | View on Reddit | 25 comments
Posted by self@reddit | programming | View on Reddit | 25 comments
NenAlienGeenKonijn@reddit
Can someone explain to me why they are rewriting and replacing coreutils with a rust variant?
giltirn@reddit
I think it’s because some people are so obsessed with the memory safety boogeyman and are more than happy to throw the baby out with the bath water to achieve memory safety nirvana (if you look past the bits in the unsafe blocks I assume)
dukey@reddit
Why is the core utils using the MIT license? What happened to GPL?
LeeHide@reddit
Probably because they didn't know better, just like the reason they started this project in the first place. It's naiive.
JustBadPlaya@reddit
This project is as old (maybe even predates?) Rust 1.0, and started as a hobby project where the authors just refused to think about licensing because it wasn't something they wanted to care about, which is kinda fair if you think about it
dukey@reddit
The license prevents programmers from re-using the GPL code, or even basically looking at it, which seems like be a major barrier. They basically have to do a clean room implementation.
JustBadPlaya@reddit
Which is actually not a bad thing when the goal is to learn the dang language! The project only became relevant fairly recently, being a proper reimplementation wasn't a goal until I think 2022+
dukey@reddit
Yeah this isn't a learning project, Ubuntu is replacing all the core utils with the rust based variants.
JustBadPlaya@reddit
You read right past my point. It wasn't that until like late 2022. It wasn't supposed to be anything serious for most of its lifespan
levir@reddit
What I don't get is why Canonical wants to do that. What problems is this switch addressing? Presumably, to change out core parts of the system, the benefits has to significantly outweigh the downsides?
Maybe-monad@reddit
That project wasn't started by Canonical themselves, it's someone's hobby project
cdb_11@reddit
I looked up at some point what was the reasoning behind it, and IIRC the original author picked MIT basically just because it is trendy in those circles, but I believe he didn't really have any strong opinions about it either way. That was originally the reason why, but since then new maintainers took over, and AFAIK some actually don't want it to be GPL, but I'm not sure why. I think I saw some comment that they do want it to be usable in other projects, but I'm still not sure why that niche use case is even worth it, since now you can't look at the GNU implementation anymore.
Uristqwerty@reddit
I'd assume people who don't understand the crucial difference between the freedoms you want in a library, and in a binary, so just cargo-cult imitate the library-centric default found in the Rust package ecosystem.
Imagine you get an appliance running Linux, but the vendor has made an unknown number of closed-source edits to core system tools. Perhaps
cpnow has built-in DRM that limits what files may be copied, automatically stripping all but the lowest-resolution stream from digitally-signed video files. Perfectly legal under MIT; GPL'd force them to release the modified source and build instructions so you can strip unwanted functionality. And while a GPL'd library might infect the rest of any application linking to it, a GPL'd binary doesn't further constrain others, there's a natural boundary to the main complaint people have about the license, one which fits perfectly with system tool use-cases.I can only see people who give up the freedoms that protect them, to gain freedoms that mean nothing in an end-binary, as fools. Best case, too lazy to care.
self@reddit (OP)
!!!
thomasfr@reddit
there are so many open compatibility issues in the rust coreutil project.
Canonical should pay someone to do a posix compatibility review which should reveal a lot because I have compared the gnu source to posix docs to the rust code for a handful of commands and gnu and posix are mostly the same while the rust tools deviate in all kinds of small and big ways.
max123246@reddit
I don't understand how big shifts like this happen but I can't even convince people at work to not copy paste code everywhere ):
tsammons@reddit
The amount of apologetics over in r/linux for this level of unprofessionalism is mind boggling.
frankster@reddit
kind of like bash shell scripts vs posix shell scripts. some stuff doesn't work when you use it in a different shell to the one you tested against.
josefx@reddit
More like http desync attacks, where both front and backend claim to parse http, but both disagree on what they see.
thomasfr@reddit
more kind of like the difference between gnu coreutils and bsd or one of the other unicies but probably with even worse/more differences.
An important difference this time is that the differences between gnu and unix derivatives has "always" been like that. Now we suddenly get one linux distro that will start behaving differently from its previous versions and most other distros.
ktoks@reddit
Being different will hurt them for a while. I think they assume others will follow their lead. I guess we'll see.
thomasfr@reddit
When I installed 25.10 a month after its release the rust coreutils broke some of the main apt repository packages I depend on working for work so I replaced them with gnu again within 20 minutes to unblock me so I haven't really had any daily exposure to them at all yet.
trmetroidmaniac@reddit
The idea that Ubuntu was going to plow ahead anyway is a matter of severe concern. These are just the TOCTOU bugs they found - you should assume that sort of thing in unproven new software!
Rust is just one of the thousand cuts killing Linux as a viable OS.
Maybe-monad@reddit
It's not Rust but corporate heads making decisions based on hype instead of evidence
levelstar01@reddit
You mean the language without any sort of directory handle support has TOCTOU issues? You're telling me this for the first time.