[Retra]

The nightly compiler is unstable, not insecure. If it is insecure, that has nothing to do with stability. If the insecurity is not discovered, it can be stabilized just the same as any other problem can.

Your concern is that the instability increases the risk of an insecurity, but that is more like arguing that a finger prick on an otherwise healthy patient is irrelevant because that patient could become mortally wounded in the future. Hospitals treat the patients they have, they don't say "ah, you could die in a car accident anyway, might as well not help anybody."

[mevile]

Yes segmentation faults have never been known to lead to security vulnerabilities. It's perfectly fine to use the nightly build in a production web application. Why even have a stable build. Also there's probably a really good reason why the macros rocket.rs depends on aren't in the stable builds, don't you think?

I want to also say rocket.rs is amazing, and I don't at all fault all the amazing things the contributors are doing. It's a great project, with just superb features and support. I think they should keep going and eventually rocket.rs will be an amazing choice for web developers who want all the benefits of rust. Yes of course they should care about application security.

What I do fault is people now who are going to run a production application with a binary built with a nightly compiler. They are doing a disservice to their users, to their fellow coworkers, and any investors if they have any. There's no sane reason for pitching rocket.rs using experimental features of rust as a part of any project on which people's jobs and users' data depend on.