پویان Pouyan Mar 14

This reminds of the front rust is per se secure that gave us the sudo-rs disaster. The Anti-AI front war cry is ai is per se bad.

I’m tired of choosing sides and fighting battles that aren’t really mine. To me, categorical stances smell like virtue signaling. And I want no part of it.

#ai #rust #ubuntu #virtuesignalling

RE: https://toot.pouyan.net/objects/f714955d-d031-4895-bc5c-30493a887b60

Show threadKornelMar 14

@i You're exaggerating with "disaster". CVE-2025-64170 was a UI issue exploitable only under rare circumstances and required ability to see victim's terminal.

Meanwhile OG sudo had more severe issues: https://www.sudo.ws/security/advisories/

so sudo-rs is an improvement overall.

Security Advisories

Sudo
Show threadپویان Pouyan Mar 14

@kornel I’ve got no issues with rust replacing existing tools. I have a problem with claiming that it would be then more secure by default because it’s written in rust.

P.S. Irrelevant to my original point: give sudo-rs a couple of more years, and it’ll accumulate some more CVEs.

Show threadMichał FitaMar 14
@i @kornel Fine. But promise you'll always compare that growing number with number of CVEs of the original. This condition is the only way under you're allowed to complain 😉
Show threadپویان Pouyan

@michalfita I’ll be damned if I complained about something that was provided to me for free!

@kornel

Mar 14 at 10:31pmWeb