I personally don't understand the passive-aggressive push to replace gnu-coreutils with uutils package. gnu-coreutils is a well baked and battle tested code over the years and its license is an important pillar alongside Kernel's GPL license to keep the operating system free, open and accessible to all.

Is gnu-coreutils perfect no? But, do a Rust rewrite solves all problems in one go? It's glaring No, as we see. I have a hunch that not the code but the license is what makes uutils attractive, but I refrain from speculating further.

The CVEs introduced and the heavy handed, "we do because we can" approach is damaging beyond just Debian, but Linux distributions ecosystem at large. Also there's erosion of GPL licensed foundational code as the secondary effect.

I can accept uutils to live as an alternative, but not default coreutils package for Debian, but replacing to make Canonical's life better is not something I support.

With all due respect,

H.

On 29.06.2026 ÖÖ 5:50, Theodore Tso wrote:
I will note that Ubuntu's rewrite of coreutils breaks a number of test
suites (including xfstests) because its outputs are different and this
breaks golden output comparisons.  I expect it will also break various
expect scripts that sysadmins might have in production.

Bug reports about fstests being broken on Ubuntu have been rejected[1]
because it's perceived by kernel developers as Ubuntu just being
silly(tm).  Given that some rather the primary test regression
appliance is based on Debian[2], I would consider it.... unfortunate
and regrettable if coreutils were replaced by Canonical's rust
rewrite.  And that's before we consider the over 100 CVE's that were
*introduced* by the rewrite of coreutils[3].

[1] https://lore.kernel.org/fstests/[email protected]/
[2] https://thunk.org/gce-xfstests
[3] https://www.phoronix.com/news/Ubuntu-Rust-Coreutils-Audit

Regards,

                                        - Ted


Attachment: OpenPGP_0x165476670B2E463F.asc
Description: OpenPGP public key

Attachment: OpenPGP_signature.asc
Description: OpenPGP digital signature

Reply via email to