But this is irrelevant. If you're afraid of third-party code, you can just... choose not to use third-party code? Meanwhile, if I'm afraid of memory corruption in C, I cannot just choose not to have memory corruption; I must instead simply choose not to use C. Meanwhile, Chromium uses tons of third-party Rust code, and has thereby judged the risk differently.

▲

JoeAltmaier 2 hours ago | parent [-]

Maybe it's more complicated than that? With allocate/delete discipline, C can be fairly safe memory-wise (written a million lines of code in C). But automated package managers etc can bring in code under the covers, and you end up with something you didn't ask for. By that point of view, we reverse the conclusion.

	▲	nagaiaida 40 minutes ago \| parent \| next [-]
		yes, people often invoke "simply write safer c" but that doesn't make it any more realistic of a proposition in aggregate as we keep seeing.
	▲	stackghost 43 minutes ago \| parent \| prev [-]
		>With allocate/delete discipline, C can be fairly safe memory-wise (written a million lines of code in C) The last 40-50 years have conclusively shown us that relying on the programmer to be disciplined, yourself included, does not work.