Given how long and widely C++ has been a dominant language, I don’t think anyone can reasonably expect to get rid of all the unsafe code, regardless of approach. There is a lot of it.
However, changing the proposition from “get good at Rust and rewrite these projects from scratch” to “adopt some incremental changes using the existing tooling and skills you already have” would lower the barrier to entry considerably. I think this more practical approach would be likely to reach far more projects.
If you’re hoping for the standard lib to have things built on evolving standards and ecosystems like HTTP clients, then I doubt that will ever happen. There are plenty of examples of why that would be a terrible idea (urllib, std::regex, etc).
Probably not going to happen. I will say that it’s less bad than you might think, because there is more-or-less an unofficial extended stdlib, i.e. high-quality, widely used libraries which are maintained by people in the Rust team.
But yeah, I’m involved in a somewhat larger project and we’ve cracked 1000 transitive dependencies a few weeks ago, and I can tell you for free that I don’t personally know the maintainers of all of those.
If this was more of a security-critical project, there’s probably a dozen or so direct dependencies that we would have implemented ourselves instead.
This has been one of my biggest frustrations while learning Rust. I’m coming from .NET which has an incredible wealth of official System and Microsoft libraries all of which are robust and well documented.
Rust on the other hand has the bare minimum std library, with everything else implemented by the community. There isn’t even a std async library. It’s insane.
Even the popular community libraries are severely lacking in documentation or inexplicably unmaintained.
Rust has a ton of potential but it desperately needs some broad funding to align the fundamentals to a decent standard.
The inherent problem with this kind of solution is that if you don’t break backwards compatibility, you don’t get rid off all the insecure code.
And if you do break backwards compatibility, there’s not much reason to stick to C++ rather than going for Rust with its established ecosystem…
Given how long and widely C++ has been a dominant language, I don’t think anyone can reasonably expect to get rid of all the unsafe code, regardless of approach. There is a lot of it.
However, changing the proposition from “get good at Rust and rewrite these projects from scratch” to “adopt some incremental changes using the existing tooling and skills you already have” would lower the barrier to entry considerably. I think this more practical approach would be likely to reach far more projects.
wake me up when Rust fixes its’ supply chain attacks susceptibility (solid stdlib and rejecting external crates, including transitive deps
If you’re hoping for the standard lib to have things built on evolving standards and ecosystems like HTTP clients, then I doubt that will ever happen. There are plenty of examples of why that would be a terrible idea (
urllib,std::regex, etc).Probably not going to happen. I will say that it’s less bad than you might think, because there is more-or-less an unofficial extended stdlib, i.e. high-quality, widely used libraries which are maintained by people in the Rust team.
But yeah, I’m involved in a somewhat larger project and we’ve cracked 1000 transitive dependencies a few weeks ago, and I can tell you for free that I don’t personally know the maintainers of all of those.
If this was more of a security-critical project, there’s probably a dozen or so direct dependencies that we would have implemented ourselves instead.
This has been one of my biggest frustrations while learning Rust. I’m coming from .NET which has an incredible wealth of official System and Microsoft libraries all of which are robust and well documented.
Rust on the other hand has the bare minimum std library, with everything else implemented by the community. There isn’t even a std async library. It’s insane.
Even the popular community libraries are severely lacking in documentation or inexplicably unmaintained.
Rust has a ton of potential but it desperately needs some broad funding to align the fundamentals to a decent standard.