Not Your Daily Driver: Don't Build With Rust or Adopt Rust-based Software If You Value Long-Term Reliance
THE hype is real. The hype is gradually waning though.
Rust is a whole bunch of hype. Controlled by Microsoft in GitHub, and constantly muzzling critics (even Microsoft critics) with its corporate code of conduct (CCOC), the project has not much substance by which to defend itself from much-needed scrutiny. The glaring legal and technical issues aside, there's also brain drain and the remnants of a dying Mozilla. Many leadership figures quit the project in recent years. Do you want a software piece that you rely on (or develop) to depend on this?
So far the only rebuttal to our criticism of Rust is a non-rebuttal; it seems ad hominem attacks are the way to go. If we criticise the OSI, then it must be closeted homophobia and rejection of Rust must somehow be transphobic.
The Rust project has just released another issue of This Week in Rust and one key person, Niko Matsakis, boasts a 6-week release cycle. Shades of Chrome/ium, systemd, and Linux...
Projects you cannot fork or barely fork. Probably by intention and procedural design.
To quote Matsakis, "Release trains make releasing a new release a “non-event”. Feature-based releases, in contrast, are super stressful!"
Who to? Users? Developers who use Rust? Developers who make Rust?
Drew DeVault's blog was spot-on when he published "Rust: "Move fast and break things" as a moral imperative" in 2021.
When you bring Rust-based stuff to a distro (sadly, this means the kernel too) you introduce extra complexity with bloated new chains that change even more often than PHP or Python (new versions cannot reliably handle old software). This is inherently different from concerns about Mono inside distributions, but "dependency hygiene" may still be duly needed. I've not developed in Rust myself, but I attempted to build stuff with Rust on some systems over the years and it was unpleasant. I was unimpressed. We need simpler tools, not more complex ones. The promise of "improved security" did not even age well. Rust itself is a security "attack surface". █