Comment by toast0

9 hours ago

> It helps that it's actively maintained, battle-tested as hell, and widely audited.

Is it actually audited? Or is it like OpenSSL... everybody uses it, but nobody looks under the hood cause it's gross in there? (Or well, nobody looked before Heartbleed anyway)

> Is it actually audited?

This is 2026, not 2014 when Heartbleed came out.

And it runs as PID 1 on many distros, and these are folks like RHEL, who have a huge interest in keeping it secure.

PyPI has an almost daily exploit announced in common and popular libraries, simply because the dependency graph is so huge. And this is in things that are almost certainly deliberately and by design exposed to insecure user input.

Again, it’s fun to hate on systemd, but in reality you are much more likely to be exploited by something else.