Hacker News

I’m a huge fan of memory safety but if you’re going to hector other people about open source projects you should either be volunteering code or sending serious money.


Huh?

You mean if you find a bug, you're not allowed to point it out unless you have a PR ready that fixes it? Not sure what you're saying.


“You should rewrite your large C project” is not helpful unless you’re showing up to help.

“Here’s a specific bug you should fix” is different because it’s multiple orders of magnitude less work and doesn’t involve throwing out a ton of perfectly serviceable code.


Obviously actually helping right on the spot can be seen as more valuable, yes. In a perfect world.

In the world we live in, that's just not possible. Can you right every wrong you've ever witnessed?

Some of us see systemic and bigger problems and point those out. In your example it's fair to conclude "writing mission-critical code in C is an unjustified risk". Case in point, in a world where Heartbleed actually happened, that should've led to maintainers admitting that their language of choice isn't the right tool for the job.

As engineers we must be pragmatic. Yet many act like you're attacking their kids if you say "your programming language of choice is ill-suited for writing safe code".

This surprises me to this day, though I guess it really shouldn't. Like you, I imagine a perfect world.


> Some of us see systemic and bigger problems and point those out.

Consider whether this is more useful than saying “you know, you should probably find more time to go to the gym”. Anyone writing C code has heard this by now, and repetition probably isn’t going to help.

What could work is what we have seen successfully with Firefox, Linux, Chrome, Android, etc. where people didn’t demand a massive rewrite but instead showed up to work and picked something small where benefits could be seen quickly. Rust has excellent interoperability so you can do that well but you might run into challenges on projects like OpenSSH which have been ported to all kinds of obscure platforms.

(And, to be clear, I like Rust. It’s just I also understand open source maintainer burnout having had plenty of people suggest huge changes they thought were super important but still not enough that they personally wanted to help.)


I refuse to keep quiet unless I can do somebody's work for them.

Framing the whole thing like "saying C isn't cutting it anymore isn't a useful thing to say" is disingenuous.

As professionals we have to keep ourselves to higher standards. Currently I work in a company where the CTO said "screw you all" and forced a rewrite. And you know what? Recently we released the rewrite and it's going better and better each day.

These things do happen. Informed people with political capital to spend do exist.

It's a shame that the industry at large is mostly just comprised of followers.

(As for gradual rewrites, look at this thread. People are getting worked up just by saying the word "Rust". It's very sad but also kinda hilarious observing [supposed] adults act like that.)



