> The reason is actually incredibly clear
There is no guarantee that other bugs do not flurish in the rust echosystem. There are no publicly known quality code checks of rust programs except a big "trust us"(see firefox with all its CVEs, despite "rust"). And combined with the Cargo echosystem, where every malicious actor can inject malware is a big warning sign.
AFAIK Linux is using rustc directly, without cargo.
And just an anecdote, Asahi Linux devs said that Rust made it very easy (maybe relative to working with C) to write the drivers for the Apple M1 and M2 series, so it seems that the language has his merits, even without the cargo ecosystem.
Also Rust will only minimize certain kinds of bugs, others are impossible, a few years ago (I believe was Microsoft) that said that 70% of the bugs found were memory related [0], it means that Rust would have prevented most of those.
Maybe Rust is not the best answer, but as for now it the most proven answer for this particular problem, who know of Zig or other language will replace both C and Rust in the future.
[0] https://www.zdnet.com/article/i-ditched-linux-for-windows-11...
I might be misunderstanding here but... what you're saying is that Rust programs can still have bugs? Isn't that the same as other programs except Rust prevents the most disastrous and common bugs that lead to most CVEs?
If I got that right, how is "it's still not perfect" an argument?
Agree with the Cargo objection.
If perfect isn't needed, we might as well stick with the 20+ years old mature codebase, there's no need to move to another language. I mean the "code to parse .deb, .ar, .tar," is done and whatever memory bugs should've been already fixed .
Use Rust for evergreen projects by all means, just leave mature tested systems alone, please.
I don't follow how from "better but not perfect is better than worse" you conclude that.
OK? So, is your position that Debian is only for software that's old enough to vote?
Or maybe Debian should never rely on any software written after 2015?
Firefox is 29% Javascript, 28% C++, 22% HTML, 10% C, 3% Python, 2,6% Kotlin and 5% other
> There is no guarantee that other bugs do not flurish in the rust echosystem.
well, less likely than in C thanks to a advanced type system, e.g. allowing authors of abstractions make their API much more fool proof.
> where every malicious actor can inject malware is a big warning sign.
Very much doubt that is the case...
There are guarantees that many types of bugs won't happen in Rust code. That alone is a great progress.
a bunch of major projects have conclusively shown that moving to memory safe languages without any doubt whatsoever results in more secure software.
Are there guarantees that "other bugs" do not flourish in the C ecosystem?
Firefox is not even close to 100% Rust.
This is a wildly misinformed comment.