This is freebsd-rustdate, a reimplementation of freebsd-update. It’s primarily written because of how slow freebsd-update is, and is written in rust because I felt like it.
In usage, it’s expected to be similar, but not identical to freebsd-update. There are probably a number of minor edge-case differences I don’t even know about, but there are a number of larger ones that are intentional too.
↫ Matthew Fuller
I love it when someone takes on a very well-established tool that’s used by countless people who probably barely think about how it could be improved. In this case, the performance improvements are nothing short of extraordinary, but of course, its author Matthew Fuller rightfully points out that you really shouldn’t be using this on any production system. It has not received even one percent of the kind of testing and eyeballs that the regular update tool in FreeBSD has received, so there may be edge cases or bugs.
Improving the speed of the update process is always welcome. If it’s slow and time-consuming, people might postpone the updates because they’re getting in the way of what they want to do at the moment. Sure, I doubt the average FreeBSD user is the kind of person to postpone updates and run an insecure system in the meantime, but it might still draw a few people across the line to quickly get them done before continuing their work.
This new Rust-based FreeBSD update tool is definitely not going to be replacing the current one any time soon, nor is it even a part of the FreeBSD project in the first place, so there’s no need to worry about any potential breakage to your FreeBSD system because they’re replacing a battle-tested tool with a new one. All this does for now is highlight that there are gains to be made here, and that’s a goal worth pursuing.
To be clear… updates do not make you secure. Not installing badly written software, and/or removing the source of same, makes you secure. If you have to update all the time to be secure, consider the source of the problem.
I’m not sure what on earth you would consider secure. OpenBSD base system? For everything else: you need updates to patch vulnerabilities after they’re found.
Looking forward to something like this making it a reality somehow https://trustworthy.systems/projects/smos/ But outside of that and maybe the OpenBSD base system, you need updates.
I see what you are saying but I am not sure I agree pedantically with your point.
No matter what you have installed, and you certainly have to have something, it can have bugs. If it has bugs that have been discovered, updates can be created to enhance the security and these updates should be applied. In that sense, updates certainly do make you more secure. So, I disagree with your opener.
As I understand your core point though, it is better to ensure your software is secure to begin with rather than relying solely on a robust update process or mechanism. Overall, I agree with that. Again though, you can never say for certain that software is secure. You can only take precautions.
As something like 70% of bugs are reported to come from memory management issues, the use of Rust itself seems to be one of those foundational decisions that may lead to more inherently secure software to begin with.
Having a robust update mechanism is a requirement of software in order for it to be considered secure enough for me to install. It's not sufficient, but necessary.
Leaving freebsd-update as a shell script for this long is insane. Even the slower Linux package managers are written in Perl or Python.
Yeah FreeBSD, IMHO, is riddled with these things. It works and it's worked like this forever, but it's so old and has been improved 5x in Linux. Sorry, but mostly true.