zigbee2mqtt usually just works fine. However, in its latest version 2.x, the way external converters get loaded has changed fundamentally. To begin with, external converters can now be loaded by sending their code via MQTT, which to me looks like adding some remote eval capability just for the fun of it. In order to accomplish this, zigbee2mqtt creates a new…
Category: Security
What is wrong with Rust packaging on EL9?
Rust’s rich type system and ownership model guarantee memory-safety and thread-safety https://www.rust-lang.org/ Looks like Rust’s rich packaging guarantees anything… but security. Why would one want to have a Linux package for every little library?Who is going to audit this?