And physical products are constantly being recalled because problems are found on them after they’ve been released.

The problem we have here isn’t that a 40-year-old software was written in C. It is that open source doesn’t have the resources to replace a lot of its core infrastructure, like how commercial physical products do.

All of the discussions in this thread about lack of legislation and even taking developers to court completely miss the root problem that there simply isn’t the manpower to make these changes.

So what’s the solution?

1. Get businesses to invest more into open source? They’ll just pivot to closed source projects and we’ll be in the same dilemma we are now but with far more bad code out there and far less ability to patch it.

2. We could get the governments to pay for open source development? That’s never going to be popular. Particularly in circles like HN which are generally against government intervention.

3. Or we could just keep patching older software in C when these bugs crop up.

…and this is exactly why we are in the situation we are in. Because it is the only practical solution. It might not be pretty and it might lead to repeated complaints about old code but until open source funding changes drastically, it’s the only option available to us.

Source: someone who writes open source software in memory-safe languages but has to do so as a hobby because I also have a family to feed.


