@Ed

Christian mentioned gnunet-rust, which is here (https://github.com/canndrew/gnunet-rs). It's an early work-in-progress which consists mainly of bindings to the existing C libraries but with some parts reimplemented. If you want to expand it in any way, I'm happy to accept pull requests. Rust is probably the best language around for combining safety with low-level systems programming, so it sounds like the sort of thing you're looking for.

@Christian

> even though I personally think the choice of language is not the most
> critical security issue today

I personally think the importance of choice of language is hard to overstate. If your language's compiler treats any potential buffer overflow as an error then you've eliminated buffer overflows from your code for all and forever. Rust also permabans null pointer dereferences, dangling pointers and most kinds of race condition. Then there's languages with even more advanced type systems that let you do things like reason about the behaviour of processes communicating over a network and prove that certain conditions hold. AppArmor profiles and disciplined development will never be as good as having this kind of static analysis built into the language.

I'm not saying the GNUnet devs should all switch to fancy-language-of-the-day, that's not practical. Just that if they did then security (and bugs in general) would pretty much be a solved problem.

- Andrew

_______________________________________________ GNUnet-developers mailing list [email protected] https://lists.gnu.org/mailman/listinfo/gnunet-developers
