Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
edelbitter 6 hours ago

One particular chasm to keep an eye on, possibly even more relevant than Ubuntu using Rust: When it comes to building important stuff, Ubuntu sticks to curl|YOLO|bash instead of trusting trust in their own distributions.

https://github.com/canonical/firefox-snap/blob/90fa83e60ffef...

theamk 3 hours ago | parent | next [-]

When people say "curl|bash", this usually means secondary fetches, random system config changes, likely adding stuff to user's .bashrc

But it's not quite that bad in this particular case - they are fetching pre-built static toolchain, and running old-school install script, just like in 1990s. The social convention for those is quite safer.

(Although I agree, it is pretty ironic that they prefer this to using ppa or binary packaged into deb...)

staticassertion 4 hours ago | parent | prev | next [-]

I don't get it. What's the chasm here?

kingstnap 5 hours ago | parent | prev | next [-]

You can curl stuff and run it just gotta have hashes in place.

theamk 3 hours ago | parent [-]

In theory, yes.

In practice, very rarely. Lots of 'curl | sh' do secondary fetches, and those don't come with hash checks. And even if they come with hash checks _today_, there is no guarantee next version won't quietly remove them.

LoganDark 4 hours ago | parent | prev | next [-]

Aren't the versions of Rust in stable Linux distributions like, a century old? Or at least they were last I checked what Debian and Ubuntu LTS were distributing. I think it's because they don't like static linking.

tecoholic 4 hours ago | parent [-]

Hasn’t the right way to install rust has always been using rust up? I am an Ubuntu user and never once tried apt for rust.

LoganDark 4 hours ago | parent [-]

I believe Rust is typically only used through `apt` as a dependency for system packages written in Rust, or for building system packages that are written in Rust, so that they can link against a single shared instance of the Rust Standard Library.

tokyobreakfast 6 hours ago | parent | prev [-]

[flagged]

castis 5 hours ago | parent | next [-]

should we trust someone whos HN account is just as shiny?

acomjean 6 hours ago | parent | prev [-]

“Done software”?

tokyobreakfast 5 hours ago | parent [-]

Clearly what the world needed before all else was Rust versions of cat and dd.

The Rust community's specialty is generating solutions in search of problems.