My impression was always that Rust tries to make it harder to write memory related bugs. That doesn't mean it makes programming generally easier.

Personally I think a successor to C++ should not only tackle that problem but also make it easier to avoid other bugs.

For example it would be very desirable to easier write testable code in C++. It is possible but not really easy. As I looked into Rust it is even sometimes harder. I would expect that tests would be part of the language design. That's I am quite sceptical about Rust. Maybe it is like Pascal, very successful but in the end something new comes around.

Not necessary. If there is a mature existing library that you can reuse easily there is no reason to reinvent the wheel there just to avoid a dependency. In the C world, pulling in dependencies is a hassle so projects avoid dependencies as much as possible but when the tooling support for handling dependencies is reasonable in a language, there is no need to repeat that pattern. You can always vendorize it if you need to.

I'm happy that the essential user base is being written in a more secure and productive language, and I'm happy that the licensing and efficiency/performance make it more likely that embedded use cases and targets like android will make it more likely to converge on this project.

However, the simplicity of importing random crates in such a crucial piece of software, that is probably run as $UID == 0 more than $UID != 0, is that all of these crates are a vector for attacks. we see all the time that libraries in pypi node have caused attacks users of software that use those dependencies two, three levels deep. While this tradeoff might be worth it, it is still a tradeoff, and vastly widens the scope of code bases and techniques needed to analyze and understand the code that you are executing. I don't consider this a solved problem today, although i do think a lot of progress could be made in this area.

There is nothing special about that. It's the same as every other langauge. If libraries support multiple platforms then great. That's not what we are talking about. We're talking about the language itself and C is still king there. And since these are *core* utilities and need to be somewhat platform focused having abstractions sometimes doesn't make sense. Someone has to support the platform. Someone needs to write the ioctl calls for cp to manage reflink cow. Putting that behavior into a library is fine and dandy but it's not a big deal.

Zero? How about security? Speed? Functionality? API issue? Conflict of vision? Acting as if abstractions are perfect and there won't be issues with abstracting low level software or interactions with other project is just not realistic. You want core utils to become standard libs? Great. I agree and said that in my comment. If you think creating *core* utils with code maintained by others and not treated as carefully as coreutils needs to be is a good idea... I disagree. Projects die, maintainers abandon projects, focus changes, conflicts arise. I don't want my core utils to be relying on some library that mimics the actual coreutils ls behavior. I want the coreutils folks to provide the functionality as a library. Don't put the horse in front of the cart.

You're making it sound like shared libraries don't exist outside Rust. Lots of languages and platforms have centralized or semi-centralized library repos. And you get code reuse. Lots of it. That's not new. You also end up with industry wide pad left outages at some point. Acting like there are no tradeoffs to these things is just not reality. What happens if aho-corasick is abandoned? What if I need to support some esoteric platform. These are real issues that happen and should be part of the calculus when determining if a dependency is worth it.

Stating it is easier to get good perf in Rust is fine. Lots of languages are easier to use and offer easier initial optimization opportunities. Stating that for whatever reason some Rust devs have written libs that aren't as popular in other languages that make it easier to get some functionality is fine. But these things are in no way unique to Rust. It's happenstance.

"no reason"

Of course there are reasons. Just because you aren't familiar or unconcerned with them doesn't mean they don't exist. Security is a big reason to reinvent a wheel. And given coreutils run with elevated privs all the time it's pretty critical.

Reinventing the wheel doesn't make things magically more secure than a library and often can make things worse. Security is a very poor reason to do this.

Increasing the surface area of attack and giving up control over the depth of that area of attack makes things... better? Maybe check the pypi and npm scenes.

If your worried about losing your job to AI you are not a good programmer.

Except that Rust proves that a significant subset of security bugs cannot occur (~70% of security are related to memory management bugs which Rust catches at compile time). Thats not magic, thats math and while your argument would normally make sense the fact that its being rewritten in Rust puts a massive a hole in it.

Using a library doesn't automatically increase the surface area of attack. On the contrary, good code reuse reduces it significantly. Using a library doesn't include giving up control either. Cargo creates a lock file by default and you can readily use cargo-vendor to have a local copy of all the libraries you use in the same source. NPM and PyPI have a poor history of best practices but those experiences aren't the same here.