On Thu, May 18, 2017 at 08:12:18AM -0400, Steven Schveighoffer via 
Digitalmars-d wrote:
[...]
> Of course. But what business people would see is a huge company like
> facebook being marginalized by a small startup, and having the
> analysts say "well, it's mostly because they used Rust/D". The game
> would be over at that point, regardless of the technical details of
> the "true" root cause.

But how likely is it for the analysts to say "it's because they used
Rust/D instead of C"?


> Note: I just use facebook as an example of a company that is so large
> and pervasive that everyone thinks they are unkillable, I don't really
> think the strawman scenario above is likely. Remember the old saying,
> "Nobody ever got fired for picking IBM"? How relevant is that today?

Yeah, probably the shift away from C will be gradual, rather than
overnight.


[...]
> Speaking of "memory safe" languages like PHP whose implementation is
> not necessarily memory safe, there is a danger here also in how D is
> moving towards memory safety. We still allow unsafe operations inside
> @safe code, using @trusted. This is a necessary evil, but it's so very
> important that the base libraries (druntime and phobos) keep this to a
> minimum, and that we review those @trusted blocks to death.
[...]

Yes, and that is why it's a grave concern that Phobos has (or used to
have) giant blocks of code under the heading `@trusted:`. Even entire
functions marked @trusted are a concern, to me, if the function is more
than 5-10 lines long.

In the long run, I fear that if there are too many @trusted blocks in a
given codebase (not necessarily Phobos), it will become too onerous to
review, and could lead to hidden exploits that are overlooked by
reviewers.  I don't know how to solve this conundrum.


T

-- 
"Hi." "'Lo."

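The "entire function marked @trusted" concern above, as an added D example (not code from the thread or from Phobos): the same slice copy written with a wide @trusted function and then with a minimal @trusted helper, so the audited surface shrinks to a few lines. The names copyWideTrusted, rawCopy and copyAll are made up for this illustration.

```d
// Added example (not from the thread): the same memcpy-based copy written
// two ways, to contrast the review burden of a wide @trusted function with
// that of a narrow @trusted helper. Function names are made up here.
import core.stdc.string : memcpy;

// Pattern the email warns about: the entire function is @trusted, so the
// compiler checks none of it and a reviewer must audit every line, even the
// ordinary slice logic the compiler could have verified on its own.
void copyWideTrusted(int[] dst, const(int)[] src) @trusted
{
    if (dst.length < src.length)
        throw new Exception("destination too small");
    if (src.length == 0)
        return;
    // Any later edit to this body (e.g. dropping the check above) still
    // compiles cleanly; only code review stands between it and a bug.
    memcpy(dst.ptr, src.ptr, src.length * int.sizeof);
}

// Preferred shape: a minimal @trusted helper that is memory-safe for every
// possible argument, so its safety never depends on how callers use it.
private void rawCopy(int[] dst, const(int)[] src) @trusted
{
    if (dst.length < src.length)
        throw new Exception("destination too small");
    if (src.length > 0)
        memcpy(dst.ptr, src.ptr, src.length * int.sizeof);
}

// Everything else stays @safe and is checked by the compiler, which is
// what makes it feasible to review the remaining @trusted lines "to death".
void copyAll(int[] dst, const(int)[] src) @safe
{
    rawCopy(dst, src);
}

unittest
{
    auto dst = new int[4];
    copyAll(dst, [1, 2, 3]);
    assert(dst[0 .. 3] == [1, 2, 3] && dst[3] == 0);

    bool threw;
    try copyAll(new int[2], [1, 2, 3]);
    catch (Exception) threw = true;
    assert(threw);
}
```

Run the checks with `rdmd -unittest --main file.d`; the @trusted surface a reviewer must read is then the body of rawCopy alone.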