Rust is the future for this sort of systems programming work, and by failing to see that and accommodate its use both Linus and Hellwig are sabotaging the long term viability of the kernel imo. New devs are keen to jump on rust because of how much it does better than C/++ and how much easier it is to make safe and secure systems with it, but shit like this just demotivates that crowd and thins the pool of people who are willing to contribute going forward. We need memory safety by default, the task of kernel stability is only going to get more complex and unsustainable without it. Stop holding onto tradition and purity for the sake of it
Open source work is collborative. No matter how good an engineer someone is, if they can’t figure out how work with others, then it’s better to kick them out. A potentially insecure kernel is better than a non-existent one.
I agree. I think Hector Martin should not have endorsed that sort of behavior to whatever extent he did. But I also think long term that the sorts of behavior that’s keeping these rust patches out of the code base will kill the future of the project. The reasons given aren’t even applicable since the patches are in their own branch of the tree. But I agree brigading is not the way to address these sorts of organizational issues
Rust is not the only systems language with “memory safety”. Some even have better type systems (linear types, refinement types, GADTs) & tools for proving code correct. What grinds my gears is this “C is has problems, therefore you must use Rust” flawed mentality.
I agree but in terms of the features, momentum, and community around rust I think it’s the most promising option for memory safe language. But you’re right that it’s not the only option, I should say that they should be more welcoming to mixed language development with memory safe languages in general
Rust has affine types and gets close to linear when you include #[must_use] (you can still let _ = foo but at least it won’t be an accident, also, drop code isn’t guaranteed to run and there’s good reasons for that), refinement types there’s a library for that. GADTs… I mean sure trait magic can get annoying and coming from Haskell you’d want to do more in the type system but in the end the idiomatic rust way to do many of those things is with macros. Which, unlike Haskell, Rust actually is really good at. Really good. Tack refinement types onto the language kind of good.
Proving tools, honestly, there’s only one piece of actually proven software (SeL4) and the only language it’s really written in is Coq. Which Rust will never, ever, compete with on its home turf.
Rust is the future for this sort of systems programming work, and by failing to see that and accommodate its use both Linus and Hellwig are sabotaging the long term viability of the kernel imo. New devs are keen to jump on rust because of how much it does better than C/++ and how much easier it is to make safe and secure systems with it, but shit like this just demotivates that crowd and thins the pool of people who are willing to contribute going forward. We need memory safety by default, the task of kernel stability is only going to get more complex and unsustainable without it. Stop holding onto tradition and purity for the sake of it
Two things can be true at once:
Open source work is collborative. No matter how good an engineer someone is, if they can’t figure out how work with others, then it’s better to kick them out. A potentially insecure kernel is better than a non-existent one.
I agree. I think Hector Martin should not have endorsed that sort of behavior to whatever extent he did. But I also think long term that the sorts of behavior that’s keeping these rust patches out of the code base will kill the future of the project. The reasons given aren’t even applicable since the patches are in their own branch of the tree. But I agree brigading is not the way to address these sorts of organizational issues
Rust is not the only systems language with “memory safety”. Some even have better type systems (linear types, refinement types, GADTs) & tools for proving code correct. What grinds my gears is this “C is has problems, therefore you must use Rust” flawed mentality.
I agree but in terms of the features, momentum, and community around rust I think it’s the most promising option for memory safe language. But you’re right that it’s not the only option, I should say that they should be more welcoming to mixed language development with memory safe languages in general
Rust has affine types and gets close to linear when you include
#[must_use](you can stilllet _ = foobut at least it won’t be an accident, also, drop code isn’t guaranteed to run and there’s good reasons for that), refinement types there’s a library for that. GADTs… I mean sure trait magic can get annoying and coming from Haskell you’d want to do more in the type system but in the end the idiomatic rust way to do many of those things is with macros. Which, unlike Haskell, Rust actually is really good at. Really good. Tack refinement types onto the language kind of good.Proving tools, honestly, there’s only one piece of actually proven software (SeL4) and the only language it’s really written in is Coq. Which Rust will never, ever, compete with on its home turf.
Not sure why Haskell is being invoked—several languages have GADTs & macros.
Agree, I think if Linux doesn’t find a good way to include and maintain rust, redox will replace Linux in the long term
BSD on rust. Will meet same fate long term unless they move to GPL or more copyleft.