this post was submitted on 19 Jul 2023
17 points (94.7% liked)
Rust Lang
709 readers
1 users here now
Rules [Developing]
Observe our code of conduct
- Strive to treat others with respect, patience, kindness, and empathy.
- We observe the Rust Project Code of Conduct.
- Submissions must be on-topic
- Posts must reference Rust or relate to things using Rust. For content that does not, use a text post to explain its relevance.
- Post titles should include useful context.
- For Rust questions, use the stickied Q&A thread. [TBD]
- Arts-and-crafts posts are permitted on weekends.
- No meta posts; message the mods instead.
Constructive criticism only
- Criticism is encouraged, though it must be constructive, useful and actionable.
- If criticizing a project on GitHub, you may not link directly to the project’s issue tracker. Please create a read-only mirror and link that instead.
- Keep things in perspective
- A programming language is rarely worth getting worked up over.
- No zealotry or fanaticism.
- Be charitable in intent. Err on the side of giving others the benefit of the doubt.
No endless relitigation
- Avoid re-treading topics that have been long-settled or utterly exhausted.
- Avoid bikeshedding.
- This is not an official Rust forum, and cannot fulfill feature requests. Use the official venues for that.
No low-effort content
- Showing off your new projects is fine
No memes or image macros
- Please find other communities to post memes
No NSFW Content
- There are many other NSFW communities, let’s keep this related to the language
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is (or will) Ferrocene be open source?
This phrase look suspicious, as "open source" and "exclusive" typically does not mix well.
Will it be a special version of rustc with private bugfixes, like in ~"we have fixed 19 bugs in rustc that can lead to miscompilations in your missing-critical program, so you better pay us for better private rustc instead of using buggy upstream version"~?
Or will publicly available source code be exactly the same as in certified version of the compiler, with the difference only being the legal warranties?
Or will it follow something like grsecurity model, i.e. technically open source, but please do not distribute (lest lose the subscription).
One of the founders of Ferrous Systems has answered some questions about it on Hacker News. See here and here.
The spec they created for the certification process is open source. There is some "tiny" amount of the patches that aren't public but it sounds like it is essentially a recent stable release of Rust because the other major changes have been contributed upstream. It's not clear if they definitely plan to eventually release the rest of thier changes as open source or not but they will consider it.
Well, Rust is MIT + Apache 2.0, so they can do this. It isn't copyleft.
Personally I consider it a a shame that rust and it's ecosystem isn't at least weakly copyleft (e.g. LGPL or MPL) though there are some good reasons not to use those specifically. (LGPL isn't not well defined if you don't use dynamic linking, MPL is younger than rust, but would have been an excellent fit otherwise). And the ecosystem follows the leader for the most part.
But that is neither here nor there, and I'm not interested in arguing about licenses on the Internet. :)