@raphlinus
My response to the recent Actix drama about unsafe, with a modest proposal how to hopefully make things better: raphlinus.github.io/rust/2020/01/1…

Chris Jefferson
@Azumanga
18 Jan
I'm going to be honest, I feel this would make things worse. It comes across as turning soundness into a religion.
Why would I ever specifically mention soundness bugs, compared to any other type of bug? Elevating soundness bugs above others is what caused this problem (I think)

Slyklaw
@slyklaw
18 Jan
I don't get this drama thing. If you don't like how the project is run, fork it and run it the way you want.

OZ
@eugeniyoz
18 Jan
People get used to the fact that best results are usually achieved by the collaboration, not by separation.

ʟʟoɢiq
@llogiq
18 Jan
There are some costs at work here besides runtime performance and those costs were not addressed by most commenters.
I'm dubious such a pledge (or non-pledge) would have helped here.

Scott Lott
@onlycliches
18 Jan
It seems odd to me that a library author wouldn’t align with the primary goals of Rust. If you want to write unsafe code there’s a million other languages for that.

Giles super::* Cope ⚡🦀
@gilescope
18 Jan
A soundness pledge could be a bool on the crate metadata to opt into trying to be as secure as possible. I.e. crates would then be opting in to the Rust safety dance.

Giles super::* Cope ⚡🦀
@gilescope
18 Jan
I’d like to see more cross-implementation testing of projects (by providing drivers that all implemented a common trait). We should industrialise efforts like medium.com/@shnatsel/smok… - together we are stronger.

OZ
@eugeniyoz
18 Jan
You are missing the main reason of this drama: negative reaction (with some nasty, rude comments) was caused not by the fact of using "unsafe", but by the rejection (with kind of rude reasoning) of patches, where unsafe code was replaced by safe, without performance costs.

OZ
@eugeniyoz
18 Jan
I agree that unsafe code is unavoidable sometimes, but we clearly have an opportunity to replace unsafe code with safe, we should have REALLY good reasons for not using safe code - big performance cost and 0 chance of vulnerabilities.