Hacker News
by latiera 4106 days ago
Oh but it DOES mean that Rust has no value, at least regarding security. Once you give them the rope, they WILL use it. Let's see if time will prove me right.
2 comments

Every language has a C FFI that users can use as rope to hang themselves with. `unsafe` code in Rust is just a reified FFI that actually manages to make Rust code safer because it means fewer things need to be written in C, and even unsafe Rust code is safer than C. Furthermore, the strict demarcation of `unsafe` blocks greatly alleviates the burden upon code auditors, allowing them to focus their efforts. Even if an extraordinarily high percentage of your code is contained within unsafe blocks, say 10%, that's ten times less code to audit than an equivalently-sized C codebase.
You remind me of a guy I once knew who reasoned that because type systems could not prevent all bugs, they were useless.

"Half a hole is still a hole," he said smugly.

"But it's a much smaller hole," I replied.