by Barrin92 1322 days ago
I don't understand why Red Hat in particular still is so obsessed with C. I saw that Flatpak was written in C looking at the repo recently and for such a security-relevant, relatively young project I don't know why people still stick to non-GC languages.
3 comments

Rust came out in 2015, a year after the first release of Flatpak (back when it was still called xdg-app) in 2014. The ecosystem was also much smaller; some very necessary things for working nicely on Linux that exist now like zbus (the prominent async-compatible D-Bus library) wouldn't be a thing for several more years.

RH does have an interest in Rust, used in projects such as Stratis. It's just that the Linux dev ecosystem has been very C-reliant for a long time, and a massive amount of binding and other ecosystem work is still happening to make this possible.

*EDIT:* and the reason I mention Rust specifically is that, in these types of lower-level projects, a lot of things can start to get hairy very quickly in higher level languages. Things like some namespace APIs very much wanting to be run on a single thread, or trying to maintain performance when you're intercepting and examining every D-Bus message, or even just when you want your functionality to be in a reusable core library.

Safer systems languages than C predate C.
But the Unix environment is written in C, and there's a ton of legacy from the past several decades still to migrate from C. It's going to be slow going. That said, ditching sudo seems like the right thing to do, but then, writing a drop-in replacement is non-trivial too because sudo/sudoers is so baroque -- yet w/o a non-drop-in replacement would require user/customer migrations.

Meanwhile Red Hat and others don't have infinite resources, and they inherited sudo.

Yes, because UNIX authors decided it was more fun to create C and ignore the history of safer systems programming.

They were also open about it, and thus created lint for validating the code, which most people ignore when writing C code.

Sure, there is a mountain of legacy code. But why start Flatpak in C?
Because C can run on almost everything? For example, take Doom and the whole "Can it run Doom?" meme
Except for some weird architectures, where C is supported, C++ is as well.

And if either GCC or clang are supported, they support safer languages than C and C++ on their standard collection of frontends.

How many architectures run Flatpak that don't have a compiler for any safer systems language? I don't think you run Flatpak on weird embedded chips, but maybe I'm mistaken.
I understand why they stick to non-GC languages (performance, startup time, the need for maintained wrappers for native calls, etc.), but I don't understand why they don't pick better ones. Rust is nice and shiny but even modern C++ with some good conventions would be miles ahead of plain old C.

Languages like D even allow you to disable the garbage collector for specific methods, giving you the benefit of GC-less performance and characteristics in critical code paths and the YOLO memory management of GC languages in the wrappers around them.

I guess the answer is "because all the people over at Red Hat know C"

Well, work on Flatpak started around 2013, 2 years before Rust was 1.0 (much less mature). So it's pretty new but not quite that new.

Just to throw out some guesses:

1) "because dynamic linking", if you're an OS vendor being able to ship one package to fix a security vulnerability instead of 50 is a big deal

2) you probably want to have a C-compatible API anyway so that it's possible to use the code from other languages, so combined with 1) the benefit of a language like Rust or D would be dulled slightly. Not eliminated, just reduced.

3) Less common architectures POWER and s390x are still relevant platforms in enterprise and while languages like Rust do have some support for them, C compilers for those platforms definitely get more attention.

What about modern C++?
You meant unsafe, not non-GC?