📰 Updated 2026-04-29 12:30
🔸 Bugs Rust won’t catch
🔥 25 points
Original:
In April 2026, Canonical disclosed 44 CVEs in uutils, the Rust reimplementation of GNU coreutils that ships by default since 25.10. Most of them came out of an external audit commissioned ahead of the 26.04 LTS. I read through the list and thought there’s a lot to learn from it. What’s notable is that all of these bugs landed in a production Rust codebase, written by people who knew what they were doing, and none of them were caught by the borrow checker, clippy lints, or cargo audit. I’m not…