Re: Git haas gone wild (Rust)

On Sun, Sep 7, 2025 at 9:37 PM Sulev-Madis Silber <
freebsd-hackers-freebsd-org952@ketas.si.pri.ee> wrote:

> i'm not really good in this field, but if rust and go are so complex, why
> use them at all?
>

Rust makes safety claims via its compile-time type and lifetime checking.
These do actually work fairly well, although I feel they give Rust a sort
of bondage-and-discipline language flavor. There are of course issues
(portability, build system, etc).

Go is actually pretty fun to use, in my experience. It solves variable
lifetime safety issues by being a garbage-collected language (there
are many pluses and minuses to this, and just because you can't use
a dead variable doesn't mean you can't build up enormous amounts
of useless garbage by forgetting to nil out something :-) ). It makes no
thread-safety claims (unlike Rust) and has threading built in as a
fundamental language construct, so you can still shoot yourself in
the foot; you're just encouraged to use safe constructs (channels
and messages) instead of risky ones (mutex etc).


> the idea of moving off of c was that it's less ways to shoot yourself into
> foot
>

In theory, maybe. See above.


> ... some projects are composed of 100 different components downloaded live
> from god knows which mitm'ed mirror and compromised repo with no sha512
> taken of anything
>
> js seems to be king in that. but also go
>

Both Go and Rust have mechanisms to deal with security issues here.
Making them all *work as desired* is a bit trickier, but we already have
this problem with ports.

Anyway, the Git project folks are also well aware of these issues,
including support for ancient versions of Linux (Git compatibility
generally tries to go back at least 10 years). The Git mailing list
discussion is, uhm, "active".

Chris