Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Yeah your decade old single header libs get so many audits by comparison.
https://github.com/RustSec/rustsec/tree/main/cargo-audit
https://mozilla.github.io/cargo-vet/
cargo is not npm
Well, opinions in the Rust community clearly differ:
"Rust is blazingly fast and memory-efficient: with no runtime or garbage collector" [0]
I guess it depends on what you mean by a runtime. Panic handlers and initialisation code is a pretty small runtime.
[0] https://www.rust-lang.org/
That's a really good point that I feel like isn't talked about enough. Unsafe rust is a lot harder to write correctly than bog standard C, because you have to uphold the invariants to avoid undefined behavior (1). It's why there's a whole ebook about it (2).
That doesn't mean it's impossible to write correct unsafe code, it's just not as obvious as "trust me bro I know better than borrowck." You can't actually elide the invariants Rust upholds, you just have to take over from the compiler when it can't prove them.
(1) https://doc.rust-lang.org/reference/behavior-considered-unde...
(2) https://doc.rust-lang.org/nomicon/
https://github.com/memorysafety/sudo-rs/blob/main/proofs/sud...
sidenote: why there is no python like syntax language TLA+ and ability to generate a partial implementation you could hook into (complete) from that model.
C-sudo: https://github.com/sudo-project/sudo/graphs/contributors
Why not port https://github.com/Duncaen/OpenDoas to rust instead?
If the goal is security, then there is more to it than just using a memory safe language. Otherwise the result of this, possibly unwittingly, seems performative.