No, rust is stricter because you need to think a lot more about whether weird edge cases in your unsafe code can potentially cause UB. For ex. If your data structure relies on the Ord interface (which gives you comparison operators and total ordering), and someone implements Ord wrong, you aren’t allowed to commit UB still. In C++ land I’d venture to guess most any developer won’t care - that’s a bug with your code and not the data structure.

It’s also more strict because rusts referencing rules are a lot harder then C’s, since they’re all effectively restrict by default, and just turning a pointer into a reference for a little bit to call a function means that you have to abide by those restrictions now without the help of the compiler.

You can do rollbacks if you’re using something like home-manager on a foreign distribution. It’s just a bit more janky admittedly.

The vulnerability has nothing to do with accidentally logging sensitive information, but crafting a special payload to be logged which gets glibc to write memory it isn’t supposed to write into because it didn’t allocate memory properly. glibc goes too far outside of the scope of its allocation and writes into other memory regions, which an attacked could carefully hand craft to look how they want.

Other languages wouldn’t have this issue because

1. they wouldn’t willy nilly allocate a pointer directly like this, but rather make a safer abstraction type on top (like a C++ vector), and

2. they’d have bounds checking when the compiler can’t prove you can go outside of valid memory regions. (Manually calling .at() in C++, or even better - using a language like rust which makes bounds checks default and unchecked access be opt in with a special method).

Edit: C’s bad security is well known - it’s the primary motivator for introducing rust into the kernel. Google / Microsoft both report 70% of their security vulnerabilities come from C specific issues, curl maintainer talks about how they use different sanitizers and best practices and still run into the same issues, and even ubiquitous and security critical libraries and tools like sudo + polkit suffer from them regularly.

The solution here generally afaik is to give a specific deadline before you go public. It forces the other party to either patch it, or see the problem happen when they go live. 90 days is the standard timeframe for that since it’s enough time to patch and rollout, but still puts pressure on making it happen.

manpages aren’t guides though - they don’t help much in learning new tools, especially complicated ones. They’re comprehensive references, some can literally span hundreds of pages. Useful when you know what you’re doing and what you’re looking for, not great for learning new tools.

In which case the -a isn’t needed.

Better have not created any new files tho - git commit -a doesn’t catch those without an add first.

This is good for precisely the single user case - potentially malicious services on your system can’t view things they otherwise would be able to, or access resources they don’t need. Even if it’s under the same user.

The data model there is fundamentally different. That would break how git would work because operations that worked one way before would now no longer work that way. You’d functionally have rewritten and mapped all the old functionality to new functionality with subtle differences, but at that point is it even git? You have a wrapper with similar but subtly different commands and that’s it. It’s like saying “instead of reinventing functionality by building both ext4 and btrfs, why don’t we just improve ext4”?

The two are practically entirely different.

It being objectively better then SVN or CVS doesn’t mean that it’s the best we can do. Git has all sorts of non-ideal behaviors that other VCS’s don’t. Pijul’s data structure for instance is inherently different from git and it can’t be retrofitted on top. Making tooling only support git effectively kills off any potential competitors that could be superior to git.

One example is pijul specifically let’s you get away from the idea that moving commits between branches changes their identity, because pijul builds a tree of diffs. If two subtrees of diffs are distinct, they can always be applied without changing identity of those diffs. This means “cherry picking” a commit and then merging a commit doesn’t effectively merge that commit twice resulting in a merge conflict.

That’s one example how one VCS can be better.

Not OP, but personally yes. Every code forge supporting only git just further enforces git’s monopoly on the VCS space. Git isn’t perfect, nor should be treated as perfect.

The above is probably the reason why so many alternative VCS’s have to cludge themselves onto git’s file format despite likely being better served with their own.

Interesting new VCS’s, all supporting their own native format as well for various reasons:

• pijul
• sapling
• jujutsu

Sapling is developed by meta, jujutsu by an engineer at Google. Pijul is not tied to any company and was developed by an academic iirc. If you’re okay with not new:

• mercurial
• fossil
• darcs

VCS’s are still being itterated on and tooling being super git centric hurts that.

Linus has stepped away from kernel development before, and probably will again. Life continues on.

Second person excited for bcachefs, I’m planning on swapping over as soon as it supports scrubbing.

Right, but squashed commits don’t scale for large PRs. You could argue that large PRs should be avoided, but sometimes they make sense. And in the case where you do have a large PR, a commit by commit review makes a lot of sense to keep your history clean.

Large features that are relatively isolated from the rest of the codebase make perfect sense to do in a different branch before merging it in - you don’t merge in half broken code. Squashing a large feature into one commit gets rid of any useful history that branch may have had.

Yeah, but phabricator and Gerrit are entirely separate workflows from GitHub, and a lot of people prefer that workflow because it leads to encouraging better histories and reviews. It helps you in getting rid of the “fixed typos” type of commits, while still letting you make larger PRs.

GitHub obviously does let you keep a clean git history, but the code review workflow in GH just doesn’t encourage reviewing commits.

How much of that is what GitHub encourages and how much of that is what Users prefer? Plenty of users seem to enjoy phabricator / Gerrit for code review in practice precisely because of their workflows.

It’s not battle tested on massive projects nor does it have the prior mindshare git has. It doesn’t have a lot of tooling either. (Does any CI/CD system support pijul?) It has nice properties, but ultimately git with all it’s terrible warts is well understood.

Also, GitHub PRs atleast to me feel like they encourage reviewing changes by the total diff of the entire PR, and not each commit. I don’t want a slog of commits that don’t add any value - it just makes doing things like reverts more annoying. Stuff like Gerrit and phabricator enforce reviews by making you review individual commits / changes / whatever you want to call them and not branch diffs.

Yeah, good commit messages are about intent and context of a change - not what the change itself is. We can look at the diff for that. Just write a single line or two summarizing what the commit does, and everything else should be adding context on top that doesn’t directly exist in the codebase.

Not having to swap over to a ticketing system just to see the context of a change is really nice (Or to add context on why changes are done a certain way). One line that says what you changed, then any context such as why it was done that way, and important notes about that change works wonders. It’s pretty much the exact model the Linux kernel uses, and it makes looking at changes great for anyone down the line.