i think some twitter algorithm change or something has caused there to be a permanent “debate” about memory safety in c and it's revealed a lot of people i previously thought i respected to be pretty unserious

the recent xz backdoor has had a similar effect

how many hours of your life have you lost to being paid by a big-company employer trying to triage heuristic-based static analyser defect reports in a large c/c++ codebase? it's at least a two-digit number for me. i hope it wasn't three. i'm not sure i'd have survived four

it is incredibly tedious, exhausting work, which requires a great deal of knowledge, care, skill. it's also almost pointless. software quality is a very difficult problem. we are searching for needles in haystacks

if someone saw a glint from a corner of their eye, we were lucky

we will never have enough eyes to make all bugs shallow. we'll never find every needle in every haystack. the best we can do is try to reduce their size.

so i find you insufferable if you think the haystacks should remain large, or finding the xz needle means there's no problem

as a tangent i am also a burnt out open source maintainer and i burnt out because i cared too much about code quality

and of course when you care about quality and burn out, the end result is always just that the quality level drops. either you stop entirely and the project is forked, or you hand over to a new maintainer who can't maintain those standards as they don't have the knowledge

one of my problems is i'm very hesitant to add new dependencies. i'd prefer to write a few pages of code myself than depend on an external library. or use one that's small. at least i understand it then.

but your own code is also a liability! you probably did it wrong.
