oss-sec mailing list archives
Re: Haskell programs in distributions (was: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx))
From: Erik Auerswald <auerswal () unix-ag uni-kl de>
Date: Sun, 1 Oct 2023 13:03:46 +0200
Hi, On Sat, Sep 30, 2023 at 07:28:46PM -0400, Michael Orlitzky wrote:
On Sat, 2023-09-30 at 13:00 -0400, Demi Marie Obenour wrote:It is also worth noting that Rust-the-language supports dynamic linking. Once Cargo supports this and downstreams (like Fedora) obtain sufficient build capacity, it will be possible to use dynamic linking by performing automatic cascading rebuilds whenever a package is upgraded. Arch already does this for Haskell IIUC.We do it for Haskell in Gentoo, too, but we have a dark secret: it only works because Haskell became unpopular. There are basically only two Haskell programs, and everything works for n = 2.
I am curious, what two prgrams do you think of? I know of two Haskell programs I regularly use, Pandoc and ShellCheck. Best regards, Erik -- [T]he most dangerous enemy of a better solution is an existing codebase that is just good enough. -- Eric S. Raymond
Current thread:
- Re: Haskell programs in distributions (was: Rust programs in distrbutions (Was: CVE-2023-5217: Heap buffer overflow in vp8 encoding in libvpx)) Erik Auerswald (Oct 01)