Security is part of it -- dpkg and apt were not built to deal with the problem of tracking each individual executables' complied library versions. When the next Heartbleed happens, how will you know which things need to be recompiled? (Some of this data exists in adjacent Debian systems for DD's internal use, but it's not integrated into dpkg in any way.)
Hello! I am a Debian Developer, though not likely to work on this as I haven't done a ton of rust binary packaging.
I did want to clear up one misconception that you might be having, though. The .deb versions shipped by upstream are great, but they're not really ever going to be useful for Debian. One of the side-effects of Debian's requirements around software freedom is an important principle: you should be able to build any package in Debian with only the things that are in Debian.
The problem with fresh isn't fresh itself -- packaging that isn't particularly difficult, though it does need some amount of care and attention. The problem is that fresh pulls in 732 different crates which all need to be packaged in Debian before fresh can be. Some of them are already in Debian, of course, but... you can imagine that the effort here is very much not insignificant.
Upstream doesn't have to deal with this problem, as they can simply statically build them into the executables. That's a violation of Debian policy, though, and isn't allowed for anything in the archive.
Hope that helps you understand why you may not get many bites at this offer, generous as it is!
That's true... for the exploit demo that they released. The primitive that underlies the exploit, however -- a page cache write -- can easily bypass the container boundary. One only needs to hook an executable which is also present in the host.
In fact, the authors specifically say on the very first line of their website that the copy/fail primitive can be used as a container escape. The entire premise of this article is flawed and irresponsible.
… really? This is simultaneously so far down in the plumbing and extremely resistant to measuring the impact of, I can’t imagine anyone building a company off of this that’s not already deep in the weeds (lookin’ at you, WolfSSL).
The idea that a startup would be competitive in the VC “the only thing that matters are the feels” environment seems crazy to me.
"(b) The term does not include the distribution of bona fide news, commentary, or editorial content unless the publishing entity is owned or controlled by a political party, a political committee, or a candidate".
There is no carve out in the law for open source. I don’t think it matters for this calculator’s firmware, because there’s no covered App Store, but it certainly would for most Linux distributions.
If there is an aircraft evacuation and someone is getting their bag out of the carry-on, the proper response is punching them in the face and throwing them onto the ground so people can step over (or on) them.
With seat pitches so tight these days, the idea that an evacuation can be done by unprepared people in 90 seconds is a pipedream, even before taking into consideration people trying to get their luggage.
If it's salted, you can't share it with a third-party and determine who your customers in common are. (That's the point of the salt; to mean that my_hash(X) != your_hash(X)).
I really like this... except you should add a special case for 911. I strongly believe that all phones, and anything that looks like phones, should be able to dial out in an emergency.
Obviously, this can raise its own problems -- you'll have to train the kids not to randomly dial 911! -- but you never know what circumstances might exist where someone in a panic reaches for the nearest phone.
Email (b64): aDhuQHNldGVjLmlv