At first I was sceptical, but after a few thought, I came to the solution that, if uutils can do the same stuff, is/stays actively maintained and more secure/safe (like memory bugs), this is a good change.
What are your thoughts abouth this?
I’m mixed on it. If it is more secure/safe then that’s a good thing, but if it’s done because it’s MIT-licensed instead of GPL-licensed, then that could possibly be concerning.
The correct title should be “Ubuntu explores replacing gnu utils with MIT licenced uutils”.
Waiting for Canonical to up sell proprietary utils features by subscription. Ubuntu’s regular release cycles were brilliant in 2004 when there weren’t a lot of alternatives but why does it still exist?
I personally don’t see the point.
Mainly memory safety;
split(which is also used for other programs likesort) had a memory heap overflow issue last year to name one. The GNU Coreutils are well tested and very well written, the entire suite of programs has a CVE only once every few years from what I can see, but they do exist and most of those would be solved with a memory and type safe language.That said, Rust also handles parallelism and concurrency much better than C ever could, though most of these programs don’t really benefit from that or not much since they already handled this quite well, especially for C programs.
but they do exist and most of those would be solved with a memory and type safe language.
Maybe.
Still, there are other sources of bugs beyond memory management.
And i’d rather have GPL-ed potentially unsafe C code to… closed-source Rust code.
The Rust code isn’t closed source, but I’d strongly prefer a coreutils replacement to use GPL over MIT as well.
See other comments: all these rewrites are not using the GPL but rather permissive licenses like MIT. Bye-bye FOSS (in those ecosystems).
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
Take the recent rsync vulnerabilities for example.
At least this one in a Rust implementation of rsync would have very likely been avoided:
CVE-2024-12085 – A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. Info Leak via uninitialized Stack contents defeats ASLR.
I fear moving away from GPL that moving to Rust seems to bring, but Rust does fix real memory issues.
So you prefer closed-source code to potentially unsafe open-source code?
Take the recent rsync vulnerabilities for example.
Already fixed, in software that’s existed for years and is used by millions. But Oh no, memory issues, let’s rewrite that in <language of the month>! will surely result in a better outcome.
the deGPLification of the Linux ecosystem ffs
I would love this news if it didn’t move away from the GPL.
Mass move to MIT is just empowering enshittification by greedy companies.
What does the license change actually mean? What are the differences?
The best example I could point to would be BSD. Unlike Linux, the BSD kernel was BSD (essentially MIT) -licensed. This allowed Apple to take their code and build OSX and a multi-billion dollar company on top of it, giving sweet fuck all back the community they stole from.
That’s the moral argument: it enables thievery.
The technical argument is one of practicality. MIT-licensed projects often lead to proprietary projects (see: Apple, Android, Chrome, etc) that use up all the oxygen in an ecosystem and allow one company to dominate where once we had the latitude to use better alternatives.
- Step 1 is replacing coreutils with uutils.
- Step 2 is Canonical, Google, or someone else stealing uutils to build a proprietary “fuutils” that boasts better speeds, features, or interoperation with $PROPRIETARY_PRODUCT, or maybe even a new proprietary kernel.
- Step 3 is where inevitably uutils is abandoned and coreutils hasn’t been updated in 10 years. Welcome to 1978, we’re back to using UNIX.
The GPL is the tool that got us here, and it makes these exploitative techbros furious that they can’t just steal our shit for their personal profit. We gain nothing by helping them, but stand to lose a great deal.
The code can be taken and used in close source projects
And how does this hurt all of us who use it for open source projects?
Competitive improvements the company makes make be kept secret, re packaged, and sold without making contributions to the src code.
Basically embrace, extend, extinguish
Ideas can only be patented, not copyrighted. If a company designs something novel enough to qualify for a patent, and so good that people willingly pay for the feature, that’s impressive, and arguably still a good thing. If instead they design a better user experience, or an improvement in performance, the ideas can be used in open source, even when the code cannot be.
