oss-sec mailing list archives

Re: Rust programs in distributions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx)


From: Michael Orlitzky <michael () orlitzky com>
Date: Sat, 30 Sep 2023 19:28:46 -0400

On Sat, 2023-09-30 at 13:00 -0400, Demi Marie Obenour wrote:
> It is also worth noting that Rust-the-language supports dynamic linking.
> Once Cargo supports this and downstreams (like Fedora) obtain sufficient
> build capacity, it will be possible to use dynamic linking by performing
> automatic cascading rebuilds whenever a package is upgraded.  Arch
> already does this for Haskell IIUC.

We do it for Haskell in Gentoo, too, but we have a dark secret: it only
works because Haskell became unpopular. There are basically only two
Haskell programs, and everything works for n = 2.

