[tdimitrov]

Rust is a nice language for greenfield system software project. But everyone in the software industry knows that you can't just put a project on hold and rewrite completely in new language. I can't see anything good coming from this initiative.

[rkangel]

Which is why the word 'incremental' is key here. They didn't rewrite the whole of cURL - they rewrote a key component.

Yes, ideally the whole program would be rewritten but security is not about absolutes. For a manageable amount of effort they have reduced the attack surface significantly.

[galgalesh]

Rust is designed to integrate into legacy codebases so security critical code can be rewritten in small steps. See the URL parser I Firefox. Moreover, the initiative this post is talking about uses rust to rewrite small parts of a C codebase.

Honestly, I'm getting more and more disappointed by the quality of discussion here on HN.

[tdimitrov]

Thanks for the kind words :)

There is no such thing as security critical code. If it is out there - it can be expoloited. There are a lot of stories with minor exploit chaining leading to huge compromise.

[safercplusplus]

Some solutions aren't that well publicized. Here is an example of an open source png encoder/decoder written in C (mostly) being auto-translated to a memory-safe subset of C++:

https://github.com/duneroadrunner/SaferCPlusPlus-AutoTransla...

[cesarb]

Rust is a nice language for gradual rewrites too, especially when the original language was C. Some examples are Mercurial, librsvg, and Mozilla Firefox.