logoalt Hacker News

edelbittertoday at 6:56 PM5 repliesview on HN

One particular chasm to keep an eye on, possibly even more relevant than Ubuntu using Rust: When it comes to building important stuff, Ubuntu sticks to curl|YOLO|bash instead of trusting trust in their own distributions.

https://github.com/canonical/firefox-snap/blob/90fa83e60ffef...


Replies

theamktoday at 9:51 PM

When people say "curl|bash", this usually means secondary fetches, random system config changes, likely adding stuff to user's .bashrc

But it's not quite that bad in this particular case - they are fetching pre-built static toolchain, and running old-school install script, just like in 1990s. The social convention for those is quite safer.

(Although I agree, it is pretty ironic that they prefer this to using ppa or binary packaged into deb...)

staticassertiontoday at 8:47 PM

I don't get it. What's the chasm here?

kingstnaptoday at 8:18 PM

You can curl stuff and run it just gotta have hashes in place.

show 1 reply
LoganDarktoday at 8:37 PM

Aren't the versions of Rust in stable Linux distributions like, a century old? Or at least they were last I checked what Debian and Ubuntu LTS were distributing. I think it's because they don't like static linking.

show 1 reply
tokyobreakfasttoday at 7:10 PM

[flagged]

show 2 replies