1. Oxide made an unproven statement ("QEMU is often the subject of bugs affecting its reliability and security.")
2. OP (bonzini) has given specific and valid arguments that that statement is wrong.
3. You're not answering to that specific arguments, but defending Rust and bashing C++ generally without giving any prove.
4. bonzini again provides specific arguments that your generalization is not correct in that context. That despite Firecracker being written in Rust it had a security issue.
5. You still insist without given any solid argument. You just insist that Rust is superior. Not helpful in any discussion. Think about it.
You're right on (1) and (2) - Oxide used weasel words when explaining the decision. My point is that their poor explanation doesn't necessarily mean it was the wrong decision. A bad defense attorney doesn't imply the defendant committed the crime.
I'm not bashing C++ beyond saying "any sufficiently large codebase originally written in C or C++ has memory safety bugs". I did not say those bugs are exploitable, just that they're present.
I'm also not insisting Rust is superior, except to say that it raises the floor of software quality, because it nearly eliminates a class of memory safety bugs.
Do you disagree? Neither of those statements implies C++ sucks or that Rust is awesome. Just 2 important data points (among many others) to consider in whatever context you're writing code in.
2. OP (bonzini) has given specific and valid arguments that that statement is wrong.
3. You're not answering to that specific arguments, but defending Rust and bashing C++ generally without giving any prove.
4. bonzini again provides specific arguments that your generalization is not correct in that context. That despite Firecracker being written in Rust it had a security issue.
5. You still insist without given any solid argument. You just insist that Rust is superior. Not helpful in any discussion. Think about it.
reply