From: Alan Somers
Date: Mon, 22 Jan 2024 12:03:00 -0700
Subject: Re: The Case for Rust (in the base system)
To: Matthias Andree
Cc: freebsd-hackers@freebsd.org
List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
References: <1673801705774097@mail.yandex.ru> <202401210751.40L7pWEF011188@critter.freebsd.dk> <20240121102421.GE14773@memo2.memo.frmug.org> <2f38cbcd-61a9-42b7-b7e6-ebd261fe66da@FreeBSD.org>
In-Reply-To: <2f38cbcd-61a9-42b7-b7e6-ebd261fe66da@FreeBSD.org>

On Mon, Jan 22, 2024 at 11:17 AM Matthias Andree wrote:
>
> Do Rust proponents audit what all the indirect dependencies' codes do
> before referencing them? Or are there bodies that tell us what
> libraries are safe, when the base language can't dance?

Supply-chain attacks are a serious problem for any language that makes it easy to pull in external dependencies: Rust, Python, NPM, etc. "Never use external dependencies", aka "Reinvent the wheel", is a pretty poor solution.

The Rust community has come up with an interesting solution: cargo-vet [1] (and in an earlier incarnation, cargo-crev). It's basically a distributed audit process. Any developer can audit a crate to give his personal stamp of approval. And then any other developer can specify whose audits he is willing to trust. The cargo-vet tool will tell you whether your project has any dependencies that haven't been audited by a trusted auditor. If so, it provides a UI that you can use to either audit it yourself, or accept an audit from somebody you don't yet trust.

It takes some work to use, and it's still somewhat immature. But I think all security-conscious companies will have to move in this direction eventually.

[1] https://mozilla.github.io/cargo-vet/index.html

-Alan
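The trust resolution Alan describes, worked through as an added illustration (this is not cargo-vet's own code, and not part of the original message): a dependency counts as vetted when there is a chain of audits for the required criteria, starting at a full audit of some version and continuing through delta audits for each later step, in which every link was published by an auditor the project trusts. Anything else is reported, together with the not-yet-trusted auditors whose records would complete a chain, which is the "accept an audit from somebody you don't yet trust" choice. The crate names, auditor addresses and audit records below are constructed for the example; the full/delta audit distinction and criteria strings such as "safe-to-deploy" follow cargo-vet's published model, but the matching here is deliberately simplified (exact version strings, no exemptions, no wildcard audits).

```rust
use std::collections::{HashMap, HashSet, VecDeque};

/// A dependency of the project, pinned to one version.
#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Dep {
    pub name: String,
    pub version: String,
}

/// What an audit certifies: a whole version, or only the diff between two
/// versions. A delta audit is worth nothing on its own; it must chain back
/// to a full audit of an earlier version.
#[derive(Debug, Clone)]
pub enum Scope {
    Full { version: String },
    Delta { from: String, to: String },
}

/// One audit record, published by one developer for one crate.
#[derive(Debug, Clone)]
pub struct Audit {
    pub who: String,      // auditor identity (hypothetical addresses below)
    pub krate: String,
    pub criteria: String, // e.g. "safe-to-deploy" or "safe-to-run"
    pub scope: Scope,
}

type FullIdx = HashMap<String, HashSet<String>>;        // crate -> fully audited versions
type DeltaIdx = HashMap<String, Vec<(String, String)>>; // crate -> (to, from) edges

/// Keep only the audits made by a trusted auditor for the wanted criteria.
fn index(audits: &[Audit], trusted: &HashSet<String>, criteria: &str) -> (FullIdx, DeltaIdx) {
    let (mut full, mut delta) = (FullIdx::new(), DeltaIdx::new());
    for a in audits.iter().filter(|a| trusted.contains(&a.who) && a.criteria == criteria) {
        match &a.scope {
            Scope::Full { version } => {
                full.entry(a.krate.clone()).or_default().insert(version.clone());
            }
            Scope::Delta { from, to } => {
                delta.entry(a.krate.clone()).or_default().push((to.clone(), from.clone()));
            }
        }
    }
    (full, delta)
}

/// Walk delta audits backwards from `version` until a full audit is reached.
fn has_chain(krate: &str, version: &str, full: &FullIdx, delta: &DeltaIdx) -> bool {
    let mut seen: HashSet<&str> = HashSet::new();
    let mut queue: VecDeque<&str> = VecDeque::from([version]);
    while let Some(v) = queue.pop_front() {
        if !seen.insert(v) {
            continue; // already explored (also guards against cyclic deltas)
        }
        if full.get(krate).map_or(false, |s| s.contains(v)) {
            return true;
        }
        if let Some(edges) = delta.get(krate) {
            for (to, from) in edges {
                if to.as_str() == v {
                    queue.push_back(from.as_str());
                }
            }
        }
    }
    false
}

/// Dependencies with no trusted audit chain for `criteria`, in dependency order.
pub fn unvetted(deps: &[Dep], audits: &[Audit], trusted: &HashSet<String>, criteria: &str) -> Vec<Dep> {
    let (full, delta) = index(audits, trusted, criteria);
    deps.iter().filter(|d| !has_chain(&d.name, &d.version, &full, &delta)).cloned().collect()
}

/// Auditors not yet trusted whose records alone would complete a chain for `dep`.
pub fn candidate_auditors(dep: &Dep, audits: &[Audit], trusted: &HashSet<String>, criteria: &str) -> Vec<String> {
    let mut out: Vec<String> = audits.iter()
        .filter(|a| a.krate == dep.name && !trusted.contains(&a.who))
        .map(|a| a.who.clone()).collect();
    out.sort();
    out.dedup();
    out.retain(|who| {
        let mut t = trusted.clone();
        t.insert(who.clone());
        let (full, delta) = index(audits, &t, criteria);
        has_chain(&dep.name, &dep.version, &full, &delta)
    });
    out
}

// Constructed sample data: fictional crates and auditors, not real audit records.
fn dep(n: &str, v: &str) -> Dep { Dep { name: n.into(), version: v.into() } }
fn full_audit(who: &str, k: &str, c: &str, v: &str) -> Audit {
    Audit { who: who.into(), krate: k.into(), criteria: c.into(), scope: Scope::Full { version: v.into() } }
}
fn delta_audit(who: &str, k: &str, c: &str, from: &str, to: &str) -> Audit {
    Audit { who: who.into(), krate: k.into(), criteria: c.into(), scope: Scope::Delta { from: from.into(), to: to.into() } }
}
pub fn sample_deps() -> Vec<Dep> {
    vec![dep("jsonish", "1.2.0"), dep("rngx", "0.8.5"), dep("leftpad", "0.1.0"), dep("tomlite", "2.0.0")]
}
pub fn sample_audits() -> Vec<Audit> {
    vec![
        full_audit("alice@example.org", "jsonish", "safe-to-deploy", "1.0.0"),
        delta_audit("alice@example.org", "jsonish", "safe-to-deploy", "1.0.0", "1.1.0"),
        delta_audit("bob@example.org", "jsonish", "safe-to-deploy", "1.1.0", "1.2.0"), // bob is untrusted
        full_audit("alice@example.org", "rngx", "safe-to-run", "0.8.5"),              // wrong criteria
        full_audit("carol@example.org", "rngx", "safe-to-deploy", "0.8.5"),           // carol is untrusted
        full_audit("alice@example.org", "tomlite", "safe-to-deploy", "2.0.0"),
    ]
}
pub fn sample_trusted() -> HashSet<String> { HashSet::from(["alice@example.org".to_string()]) }

fn main() {
    let (deps, audits, trusted) = (sample_deps(), sample_audits(), sample_trusted());
    for d in unvetted(&deps, &audits, &trusted, "safe-to-deploy") {
        let who = candidate_auditors(&d, &audits, &trusted, "safe-to-deploy");
        println!("{} {} is not vetted; audits available from: {:?}", d.name, d.version, who);
    }
}
```

With only alice trusted, tomlite is vetted outright, jsonish 1.2.0 fails because the last delta in its chain is bob's, rngx fails because alice's audit is for weaker criteria, and leftpad has no audit at all; the candidate list tells you that trusting bob or carol would close the first two gaps, while leftpad can only be audited by you. In real cargo-vet usage the equivalent inputs live in `supply-chain/audits.toml` (your own audits) and `supply-chain/config.toml` (imports of other organizations' audit files and the criteria you require), and `cargo vet` performs this check, with `cargo vet suggest` and `cargo vet certify` covering the "audit it yourself" path.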