Hi! [ also Cc:ing [email protected] - if only to make them aware. Thread start can be found at e.g. http://comments.gmane.org/gmane.linux.kernel/1218722 ]
On Mit, 2011-11-23 at 17:03 +0530, naveen yadav wrote: [...] > I want to know is there any similar package like busybox we can use in > embedded product. > I found few of them but could not found as good as busybox. so this is > reason i ask. > > 1. http://www.fefe.de/embutils/ > 2. https://github.com/asdf-systems/gobox Hmm, GoBox wants to be a busybox replacement implemented in Go. Granted, the target is IMHO not so the embedded world but more the "VM world" (where diskspace doesn't matter and RAM doesn't mater that much). > 3. http://www.landley.net/code/toybox/about.html And forgot that one. And please tell us, why you don't have license problems with the above but with the busybox license? And what license has GoBox? Couldn't find one on https://github.com/asdf-systems/gobox .... > For security issue in busybox. I could not find detail but below slide > mention it . > https://speakerd.s3.amazonaws.com/presentations/4e9334432deb290054011ba7/slides.pdf You're kidding, right? IIUC, that .pdf are just *marketing*/*sales* slides where the GoBox folks basically tell everyone that BusyBox is "bad" (because it is "huge") and GoBox is "good" (because it is allegedly small). And a homepage like http://http://www.asdf-systems.de/ which is empty unless one enables JavaScript (for google-analytics)? Sorry, but not everyone likes to be tracked by Google that easily. More concrete: - There is no real hint on (unsolved) real security bugs but only the usual (but not necessarily untrue) "implemented in C" and "because there are xxx LoC, there must be security and other bugs" just to scare people from busybox away. * LoC are IMHO probably the worst metric in the software world BTW. * Well, and C is (almost always) the only choice for very small hardware. - Busybox can also be statically linked. If that makes sense if one has a libc.so on the target, is another question (or more the compromise of risk and used space). - TTBOMK, busybox has nothing to do with GNU and is not maintained by gnu.org or anyone closely related. So the slides as such are buggy (and that is IMHO a quite severe mistake). - 700 config variables are evil? Hey, this is for the embedded world where resources are scarce at best and one wants to keep out not absolutely needed stuff. So if you can't handle 700 config variables (and it is not that they are independent from each other but if you disable applets you also loose lots of them), go back to the desktop or server world with (virtually) unlimited cheap space where size doesn't matter;-) - The GoBox slides uses "cloud" (whatever the current buzzword means) thus reducing it's own size and that should make it more secure? What does that really mean there? - GoBox has a dozen applets right now. If GoBox becomes as popular and widespread as busybox, I'm quite sure it needs the same number of compile-time config options and is similar complex. (So why should I even consider GoBox given the trivial and not so trivial "faults" in the slides?) [ Full-quote deleted ] Kind regards, Bernd -- Bernd Petrovitsch Email : [email protected] LUGA : http://www.luga.at _______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
