From 90e5fec1521c2545178f7de5bb41ec60df2ea318 Mon Sep 17 00:00:00 2001
From: petershh <petershh@disroot.org>
Date: Sun, 14 Aug 2022 12:10:33 +0300
Subject: README: update

---
 README.md | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 346a375..a5a28dd 100644
--- a/README.md
+++ b/README.md
@@ -13,7 +13,7 @@ Works best with musl libc.
 - GNU Make, version 3.81 or later;
 - [skalibs](https://skarnet.org/software/skalibs). This is a build-time
   dependency and a run-time dependency if you do not link binaries statically.
-- (***Optional***) [nsss](https://skarnet.org/software/nsss) if you have musl
+- (**Optional**) [nsss](https://skarnet.org/software/nsss) if you have musl
   and want nsswitch-like functionality, or if you just want sane nsswitch on
   your system. This is build-time and run-time dependency.
 
@@ -47,9 +47,31 @@ This is free software licensed under MIT license. See COPYING for details.
 - Existing projects do not satisfy the author for some reasons:
     - [GNU Coreutils](https//www.gnu.prg/software/coreutils): well, this is GNU,
       which is translated as 'bloated, inefficient, insecure'.
+    - [uutils](https://github.com/uutils/coreutils): there are many reasons:
+        1. They reimplement GNU Coreutils with all its bloat.
+        2. This project uses Rust. This language does not produce small
+           binaries, while system software *must* be small and efficient - do
+           not waste user's resources!
+        3. Also, this language encourages dependencies which are downloaded via
+           [their own repository](https://crates.io). Dependencies are a great
+           responsibility on their own, and downloading them via de facto
+           unmoderated repository opens [giant possibilities for supply chain
+           attacks](https://drewdevault.com/2022/05/12/Supply-chain-when-will-we-learn.html).
+           ssh-utils use limited number of dependencies and author reviews
+           its code. These dependencies are meant to be supplied by your
+           software distribution's package manager. shh-utils author is
+           committed to cooperation with distribution maintainers. Dependencies
+           are cleary defined, and the package is easy to build.
+        4. This project aims to be cross-platform. I don't see the point of
+           running Unix utilities on Windows. Some utilities (chmod, chown)
+           assume POSIX and make no sense on Windows. Also, Windows terminal
+           capabilities will always be inferior to Unix. If you want Unix
+           utilities -- install Unix.
     - [Busybox](https://busybox.net), [Toybox](https://landley.net/toybox):
       these projects provide multicall binaries. This approach has its
       advantages, but it also has its drawbacks. The goal of shh-utils is
       provide standalone binaries.
-    - [sbase](https://core.suckless.org/sbase/): Idk, need to check this out.
+    - [sbase](https://core.suckless.org/sbase/): suckless stuff, which is good,
+      but they use standard C interfaces like stdio, which I deem bad.
+      shh-utils use better designed skalibs interfaces when appropriate.
 - Last but not least: NIH syndrome of course!
-- 
cgit v1.2.3