[f00zz]

Sorry, but I'm not seeing how this will help. If I take e.g. libpng and rewrite it in Rust, then it's basically a new project. I don't understand how a patch replacing all existing code will be accepted upstream, or how the many projects using libpng will be convinced to use my new library.

[ploxiln]

One example: librsvg was rewritten from C into Rust, gradually, while retaining the C API:

https://gitlab.gnome.org/GNOME/librsvg https://people.gnome.org/~federico/news-2016-10.html

(I do not necessarily endorse this, as I find the dependency on a Rust compiler of very recent vintage, to be much more annoying than depending on any decent C compiler from the last 7 years or so.)

[tialaramex]

But the vastly many more users don't need that compiler right? If you merely write a program to render SVG you don't care, your program just got safer "magically" ? If you run such a program you aren't even aware anything happened, the updated version is apparently safer.

[NullPrefix]

Except for all the corner cases that were covered by the original and are not by the rewrite.

[tialaramex]

The librsvg author doesn't list any such corner cases.

Perhaps you can list some and why they were casualties of the Rust language rather than reasonable cleanup that would have happened in any rewrite?

[kingkilr]

It's a great question!

a) It being acceptable to upstream is mandatory to receive a bounty, so a starting point might be: pick projects whose maintainers are sick of dealing with ASAN reports! b) A huge number of people get their libpng or anything else via a package manager like Debian. Debian packages libpng from upstream. If libpng changes something about it's implementation, that'll be reflected in a future debian release.

This is going to be a long process, but we firmly believe the question has to be "how" not "if". If you've got better ideas for how we can promote the transition to memory safe languages, please let us know!

[imtringued]

Project coordination with opensource projects is a really difficult problem where you simply can't win. Sometimes a project is just bad and needs an overhaul even if it means 40% of the code has to be thrown out. Sometimes people fork the project but most of the time a project is started from scratch because it means full ownership and therefore a more productive working environment.

The number of times I've seen something that amounts to a 1-3 line code change being discussed for hours is absurd. If you are a new contributor who wants to help out by writing code it often feels like you are making the maintainers work harder than if you had done nothing for the project.