But, as the debian dude has learned… Rust programs will 99.999 % work if they can be compiled.
That’s a dumb statement. Every tool needs unit tests. All of them!
If grep complied, but always returned nothing for every file and filter, then it’s still not “working”. But, hey, it compiled!
The OP is about packaging issues with userspace utilities due to version pinning in Rust
No, it’s about Bcachefs specifically. It’s literally in the title. Discussions around Rust version pinning are a useful side conversation, but that’s not what the OP is about.
So if your Rust app is built against up to date libraries in Cargo, it’s going to be difficult to package those apps in Debian when they ship stable, out of date libraries since Debian’s policies don’t like the idea of using outside dependencies from Cargo.
As they should. You don’t just auto-update every package to bleeding edge in a stable OS, and security goes out the window when you’re trusting a third-party’s third-party to monitor for dependency chain attacks (which they aren’t). This is how we get Crowdstrike global outages and Node.JS bitcoin miner injections.
If some Rust tool is a critical part of the toolchain, they better be testing this shit against a wide array of dependency versions, and plan for a much older baseline. If not, then they don’t get to play ball with the big Linux distros.
Debian is 100% in the right here, and I hope they continue hammering their standards into people.
Switzerland be like:
…I feel like openssh has a much larger attack surface than a simple binary.
Right. This is just trading one set of security pitfalls with a second, much worse set of security pitfalls.
From the PR:
Note that this behaviour is configurable. It’s default is a 500 char limit because that is the Mastodon default.
That’s a shit default, and a shitty way to treat a standard that is meant for all sorts of communication. ActivityPub is not Twitter, and it is not just for short-form communication. In fact, a majority of the web is longer-form communication that isn’t a mere 500 characters long.
Retorting with “this behaviour is configurable” is dancing around the issue. Good, sane defaults mean everything in programming.
WTF is this whole thread?
4Chan was a thing at least 20 years ago.
Stop telling me what to do! You’re not my mom.
No, that’s the thing where somebody Googles the result and gets the right answer.
I’m going to invoke Poe’s Law and not assume this is sarcasm.
And if they say “yes”, if they are blatant and transparent about their business model, that will somehow make it better? This idea of “putting sunshine on a problem” never actually solves anything. The problem company just comes back with “Yeah? So? What the fuck are you going to do about it?”
Why ask when you know the answer is yes?
If the product is free, you are the product. Even when it’s not free, you’re still the product because data is too valuable.
Why does the most reasonable and balanced take have the most downvotes?
This is absolutely the journalists’ fault. It doesn’t matter if its AI-generated or not.
“Tries” implied they failed. Is this provision still on the table?
That’s precisely what I was comparing it to. Transporting somebody in a car for 15 minutes is much different than providing housing, a bed, and a livable space for a week.
I can barely trust some rando to drive me around to a destination in the city. Why would I trust other randos to let me rent and use their house? And not break housing or safety laws in the process? It is 100x more complicated than just driving me from point A to point B.
Dev being an asshole and not accept Linus’ code review = Rust is bad?