Can anyone explain why do we need this rewrite? What I’m hearing is just that the language is memory safe and, honestly, it sounds like a weak argument. Unless the program is actively evolving or requires regular updates and it can be seen that a rewrite could genuinely improve things…
All I’ve seen in these media posts were just vague “what if” arguments. If that’s it, a rewrite seems pretty dumb.
Sudo is being actively developed and has several fairly recent CVEs, some of which are memory issues (at least recent compared to how old sudo is). Apart from being memory safe rust is also better at error handling than C.
IMO best would be to reduce attack surface by using a memory safe language and also reducing complex features like OpenBSD’s doas does.
Well that’s the thing that I don’t see communicated. Is it actively developed? Bug fixes doesn’t count, it’s maintenance not active development. If I’m just doing maintenance then there must be a lot of issues to warrant a rewrite, especially in a different language.
Form what I keep seeing it looks like a rewrite for the sake of rewriting, which is at best misguided reasoning.
I can see an argument that the cost of failure is very high with something like sudo, but I don’t see it vocalized anywhere.
Image working in an old building, there is no coffee machine, there is no warm water and if you want to do something new, chances of you getting in trouble because you forgot to mess with CMake or free memory, are high.
But the building works since it has been tested for 30 years.
Rust is a new building that you can move over to, there is a coffee machine that is a bit complicated at first but once you understand it it is that bad, there is warm water and you don’t have to mess with CMake or allocate/free memory for everything.
But the building is new, there will be issues here and there and sometimes the promised warm water wont work since someone fucked it up, but in general it is just sooooo much more comfy to work in.
Rust is not about making Programming languages fast or memory safe. If you truly want to do that, I recommend doing crack and writing in assembly.
It is about making programming easier without sacrificing speed.
Ok, valid, is sudo (in this case) actively developed? Hom much maintenance does it require?
All these analogies amount to what exactly? New == better?
I get the enthusiasm for new shiny thing, especially when the new tool is better. But why do we need something like sudo rewriten? How does it make lives easier?
There’s a saying: if it ain’t broke… I’m trying to figure how and why it’s broken and all I see just a selling pitch for the language.
Can anyone explain why do we need this rewrite? What I’m hearing is just that the language is memory safe and, honestly, it sounds like a weak argument. Unless the program is actively evolving or requires regular updates and it can be seen that a rewrite could genuinely improve things…
All I’ve seen in these media posts were just vague “what if” arguments. If that’s it, a rewrite seems pretty dumb.
Sudo is being actively developed and has several fairly recent CVEs, some of which are memory issues (at least recent compared to how old sudo is). Apart from being memory safe rust is also better at error handling than C.
IMO best would be to reduce attack surface by using a memory safe language and also reducing complex features like OpenBSD’s doas does.
https://www.cvedetails.com/vulnerability-list/vendor_id-15714/Sudo-Project.html?page=1&order=3
Well that’s the thing that I don’t see communicated. Is it actively developed? Bug fixes doesn’t count, it’s maintenance not active development. If I’m just doing maintenance then there must be a lot of issues to warrant a rewrite, especially in a different language.
Form what I keep seeing it looks like a rewrite for the sake of rewriting, which is at best misguided reasoning.
I can see an argument that the cost of failure is very high with something like sudo, but I don’t see it vocalized anywhere.
I would say yes is it developed, this is more than just big fixes : https://github.com/sudo-project/sudo/releases
No huge changes of course, but the big CVE from July was only introduced 2 years ago.
My biggest question is, why is something like sudo still developed and not finished and in maintenance mode?
Image working in an old building, there is no coffee machine, there is no warm water and if you want to do something new, chances of you getting in trouble because you forgot to mess with CMake or free memory, are high. But the building works since it has been tested for 30 years.
Rust is a new building that you can move over to, there is a coffee machine that is a bit complicated at first but once you understand it it is that bad, there is warm water and you don’t have to mess with CMake or allocate/free memory for everything. But the building is new, there will be issues here and there and sometimes the promised warm water wont work since someone fucked it up, but in general it is just sooooo much more comfy to work in.
Rust is not about making Programming languages fast or memory safe. If you truly want to do that, I recommend doing crack and writing in assembly. It is about making programming easier without sacrificing speed.
Ok, valid, is sudo (in this case) actively developed? Hom much maintenance does it require?
All these analogies amount to what exactly? New == better?
I get the enthusiasm for new shiny thing, especially when the new tool is better. But why do we need something like sudo rewriten? How does it make lives easier?
There’s a saying: if it ain’t broke… I’m trying to figure how and why it’s broken and all I see just a selling pitch for the language.