Re: [RFC PATCH v3 1/3] scripts: add kconfirm
From: Miguel Ojeda
Date: Sun May 17 2026 - 18:53:37 EST
On Sun, May 17, 2026 at 10:25 PM Demi Marie Obenour
<demiobenour@xxxxxxxxx> wrote:
>
> I was hoping for Linux to avoid the Rust trend of downloading tons
> of third-party crates, with all the supply-chain risks that entails.

I completely agree -- it is why I said a well-known, vetted set of crates.

That is, we should decide on e.g. a single CLI arg parser, a single
logger, etc. for most of our tools, and ideally they should be
well-known crates (ideally already trusted via use in the compiler
itself).

Moreover, they should be pinned with `--locked` or similar (like we
already recommend for `bindgen-cli`), so that we only ever use
something that matches the hash in the lockfile that would be
committed in the tree.

Cheers,
Miguel