by gregwtmtno 3916 days ago
I love Rust, but it's important to understand what it promises and what it doesn't.

While Rust is considered a "safe" language, I think the term is a little misleading. I prefer "memory-safe." There are plenty of ways to mess up something like a password manager that don't involve failures of memory safety.

Additionally, Rust is only memory-safe to the extent that you do not use unsafe code and that includes the libraries that your project depends on.

That said, I am not qualified to evaluate the security of this project. It may very well be that this password manager is very secure.

2 comments

In this context, it's also typesafe. A lot of bugs in python can come from mixing up types in cold paths or nulls. Rust doesn't have these issues.

> Additionally, Rust is only memory-safe to the extent that you do not use unsafe code and that includes the libraries that your project depends on.

In much the same way, other languages are only memory-safe to the extent that you don't use an FFI (or make sure you're using them safely). You can trivially segfault CPython with ctypes.

Though unsafe code is probably more common in Rust than native code is in Ruby or Python, owing to it being in closer reach and not requiring a language switch and a great increase in distribution complexity.

> probably more common
It depends. The idea with unsafe is to wrap it up inside of a library, and expose a safe interface, keeping the surface area as small as possible. So libraries will sometimes use unsafe code, but application code generally doesn't. Cargo, for example, has no unsafe in it. Regex, currently at the top of the benchmarks game, has no unsafe in it, even as a library.
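As an added example (not code from the password manager under discussion or from any commenter), here is the pattern the last comment describes: a single `unsafe` call wrapped in a small safe API, applied to the kind of secret buffer a password manager holds. The `SecretBytes` type and its methods are hypothetical names chosen for this illustration.

```rust
// Added example: keep the unsafe surface to one line and expose only a safe
// interface. The rest of the program never needs `unsafe` to use this type.
use std::ptr;

/// A byte buffer holding secret material that is zeroed when dropped.
pub struct SecretBytes {
    data: Vec<u8>,
}

impl SecretBytes {
    pub fn new(data: Vec<u8>) -> Self {
        SecretBytes { data }
    }

    /// Safe, read-only access to the secret.
    pub fn expose(&self) -> &[u8] {
        &self.data
    }

    /// Overwrite every byte with zero using volatile writes so the
    /// optimizer cannot drop the stores as "dead" just before deallocation.
    pub fn wipe(&mut self) {
        for b in self.data.iter_mut() {
            // SAFETY: `b` is a valid, aligned, uniquely borrowed `&mut u8`
            // produced by `iter_mut()`, so one volatile byte write is sound.
            unsafe { ptr::write_volatile(b, 0) };
        }
    }
}

impl Drop for SecretBytes {
    fn drop(&mut self) {
        self.wipe();
    }
}

fn main() {
    let mut s = SecretBytes::new(b"hunter2".to_vec()); // constructed sample secret
    println!("before wipe: {:?}", s.expose());
    s.wipe();
    println!("after wipe:  {:?}", s.expose());
}
```

Auditing this type means reviewing one `unsafe` line and its `SAFETY` comment, which is exactly the "small surface area" the comment argues for.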