> The advantage here is that, if and when there are bugs in this code, you only have to look at the modules containing those unsafe invocations, rather than the entire codebase.
That is a brilliant feature I had not thought of. Thanks!
No problem! I think the skepticism is very warranted. We know that these systems can be created, but we don't have examples of this working at the same scale as projects like Linux yet. That takes time and effort, exactly as Linus and Greg Kroah-Hartman say. We'll see how it works out in practice. I also think the "de novo system" and "adding Rust into a large existing system" are two related, but different, problems, with their own unique challenges.
One great thing that I see with Rust is that the developers are open to extensions of the language that are provided just to be more compatible to the C memory model (like anonymous unions). I don't know many other languages like that.
That is a brilliant feature I had not thought of. Thanks!