Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <36a25f2467809ee727239db10684e147e7440326.camel@orlitzky.com>
Date: Sat, 30 Sep 2023 19:28:46 -0400
From: Michael Orlitzky <michael@...itzky.com>
To: oss-security@...ts.openwall.com
Subject: Re: Rust programs in distrbutions (Was:
 CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx)

On Sat, 2023-09-30 at 13:00 -0400, Demi Marie Obenour wrote:
> It is also worth noting that Rust-the-language supports dynamic linking.
> Once Cargo supports this and downstreams (like Fedora) obtain sufficient
> build capacity, it will be possible to use dynamic linking by performing
> automatic cascading rebuilds whenever a package is upgraded.  Arch
> already does this for Haskell IIUC.

We do it for Haskell in Gentoo, too, but we have a dark secret: it only
works because Haskell became unpopular. There are basically only two
Haskell programs, and everything works for n = 2.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.