cross-posted from: https://programming.dev/post/35495679
Earlier post version: image/text.
From another article referenced there:
The maintainers of the Ubuntu Linux distribution are now rewriting GNU Coreutils in Rust. Instead of using the GPLv3 license, which is designed to make sure that the freedoms and rights of the user of the program are preserved and always respected over everything else, the new version is going to be released using the very permissible or “permissive” (non-reciprocal) MIT license, which allows creating proprietary closed-source forks of the program.
There will surely be small incompatibilities - either intentional or accidental - between the Rust rewrite of coreutils and the GNU/C version. If the Rust version becomes popular - and it probably will, if Ubuntu starts using it - the Rust people will start pushing their own versions of higher level programs that are only compatible with the Rust version of coreutils. They will most probably also spam commits to already existing programs making them incompatible with the GNU/C version of coreutils. That way either everyone will be forced into using the MIT-licensed Rust version of coreutils, or the Linux userland becomes even more broken than it already is because now we have again two incompatible sets of runtime functions that conflict with one another. Either way, both outcomes benefit the corporations that produce proprietary software.
(Source – which does contain some more-than-problematic language outside of these passages, compare the valid objections raised by others here and in the cross-posts.)
Compare also how leaders of Canonical/Ubuntu have ties to Microsoft, and how the Canonical employee who leads the push to rewrite coreutils as non-GPL-licensed Rust software has spent years working for the British Army, where he “Architected and built multiple high-end bespoke Electronic Surveillance capabilities”, by his own proud admission.
I’m struggling to connect the dots between “X person used to work in electronic surveillance” and an immediate risk to the open source software being developed by a different employer. Is there some reason to think this person is still working for their old employer? Or is the speculation that they are a idologue out to destroy Linux from the inside?
If there’s something unsafe in the code, especially a rust rewrite of the coreutils I’d expect it’s going to be found immediately. People are going to go over that code with a fine toothed comb.
If the central idea of the article is “I don’t think there’s a place in the FOSS community for people with different ideas/beliefs/history than me” then the author should come out and say that (many have in the past). Claiming we’re at risk because of some wild speculation about a nefarious plot between the military and Microsoft to attack Linux and privacy… it really does require something more firm than this.
I think what they’re trying to imply is that Canonical is setting this all up so they can create a (possibly paid) fork of coreutils that spys on its users.
Which is all well and good except for now it’s just a baseless paranoid fantasy. And if that was laid out up front I would have no notes.
Over here in reality, if Canonical deployed a closed source, paid, spyware laden version of it’s OS it might take a little while for some of the server business to disappear, but they’d loose almost all their market share overnight. They’d be a cautionary tale in the FOSS community and the software industry.