by Titanous on 7/27/20, 5:51 PM with 23 comments
by f00zz on 7/27/20, 7:56 PM
by kingkilr on 7/27/20, 6:17 PM
by hackcasual on 7/27/20, 6:24 PM
> A: The Fish in a Barrel Memory Safety Bounty only rewards contributions that are merged upstream. We strongly encourage people interested in pursuing a bounty to work with, not against, open source maintainers and to behave respectfully.
It's good to see this called out specifically, but I can't help but think this is attaching a monetary incentive to badger a project to accept a patch that at the very least requires changes to the project build system.
by rurban on 7/29/20, 12:06 PM
Rust is memory safe only in documentation but not in practice.[1] Rather provide bounties for real memory safe languages. Rust is also neither type safe[2] nor concurrency safe[3].
[1] e.g. https://github.com/rust-lang/rust/issues?q=is%3Aissue+is%3Ao... but this is just the surface. alloca is not only unsafe but also security critical. Rust stack allocates too much unchecked.
[2] https://doc.rust-lang.org/reference/unsafe-blocks.html
[3] Races, as e.g. with https://doc.rust-lang.org/reference/items/static-items.html?... requiring manual mutexes