More Open Source Security episodes

Rust coreutils with Sylvestre Ledru

Published 2 Mar 2026

Duration: 31:06

A modern rewrite of Unix command-line tools using Rust aims for memory safety, performance, and maintainability while achieving high compatibility.

Episode Description

Josh talks to Sylvestre Ledru about the Rust coreutils project. We've been using GNU coreutils for decades now, and the goal of Rust coreutils is to r...

Overview

The podcast explores Rust coreutils, a modern rewrite of fundamental Unix command-line tools like ls, cp, and mv, originally developed in C. The project, revived by Sylvestre Ledru and now included by default in Ubuntu, aims to enhance system utilities using Rust's memory safety, performance, and modern language features. The goal is to create safer, more maintainable tools while preserving compatibility with existing Unix workflows and scripts. Early challenges included addressing script compatibility issues due to undocumented behaviors in GNU coreutils, but the team achieved 95-96% compatibility through rigorous testing, including running GNU's upstream test suite and contributing improvements to the ecosystem.

The project emphasizes collaboration with GNU to resolve edge cases, such as handling calendar systems and deprecated arguments, while also highlighting Rust's appeal to new developers and its potential to modernize critical infrastructure. Current efforts focus on refining rare corner cases, improving cross-platform support, and ensuring long-term compatibility. Looking ahead, the team aims for broader adoption in Linux distributions and continued community-driven contributions to sustain the project's growth and reliability.

Recent Episodes of Open Source Security

22 Jun 2026 Packagist and Composer security with Jordi Boggiano

Strategies for securing open-source ecosystems include malware detection via third-party feeds, transparency logs, rapid incident response, blocking malicious downloads, private registry controls, immutable package releases, standardized workflows, MFA enforcement, and technical proposals like artifact validation and build attestation, while addressing challenges like maintainer hacking, AI risks, usability trade-offs, and the need for ecosystem-wide alignment and human verification.

15 Jun 2026 Sustaining Open VSX with Mike and Thabang

Eclipse Foundation's OpenVSX, a VS Code extension repository, surged to 600M monthly downloads, evolved to a commercial model with enterprise SLAs and security teams, while addressing scalability, open-source balance, and funding challenges for AI expansion.

8 Jun 2026 Hacking your CI/CD with Francois Proulx

Critical vulnerabilities in open source CI/CD pipelines, including hijacking and supply chain attacks via social engineering or compromised builds, are highlighted through incidents like TJ Actions and Ultralytics, with mitigation strategies emphasizing secure credentials, externalized workflows, threat modeling, and tools like *Smoked Meat* and *Bagel* to enhance incident response and supply chain security.

1 Jun 2026 Open source verification with Sal Kimmich

Cybersecurity challenges include complex application ecosystems, overlooked kernel vulnerabilities, supply chain risks, and systemic risks from under-resourced organizations prioritizing surface-level controls, alongside calls for regulatory reforms, proactive threat modeling, secure development practices, and addressing tribal nations' unique legal and sovereignty concerns.

25 May 2026 Vulnerability disclosure with Casey Ellis

The evolution of vulnerability disclosure highlights challenges in prioritizing critical issues, outdated legal frameworks, and the role of initiatives like Disclosed.io in standardizing policies, alongside AI's impact on detection, open-source risks, triage complexities, and the need for collaboration and transparency to address systemic security barriers.
