
Windmills like Spectre and Meltdown?



Languages other than C as imaginary enemies.


He railed against the breathless descriptions not the languages themselves. I still agree with his put-up-or-shut-up position, and with throwing cold water on hype. My trade is engineering, and while I like whimsy as much as most humans, I will fight it when precision is critical.


"He railed against the breathless descriptions not the languages themselves."

He said Rust obviously had nothing and that proper privsep was exceedingly rare in languages other than C.


Is he wrong?


About "Rust has nothing"? That wouldn't be a productive conversation.

On privsep being rare outside of C? What's the measure? I suspect privilege separation is present or not more based on the type of software, not the language used. And I'm sure you can find bad/good examples in software written in C, Go, Rust, Zig, etc.


Not willing to use something others suggest doesn't make it your enemy.


There's all sorts of things in the OpenBSD ports collection that Theo probably doesn't use. A public rant about something you characterize as inconsequential is a bit odd.


Sebastien Marie wanted to make Zig work on OpenBSD. I don’t know why Raadt then responded by saying that Zig hasn’t proved that it can do what it claims to do. But maybe I don’t understand this mailing list’s culture (or what “import Zig” means in this context other than to port to OpenBSD).


> I don’t know why Raadt then responded by saying that Zig hasn’t proved that it can do what it claims to do.

I know why. It's because Zig hasn’t proved that it can do what it claims to do.


Does an application need to prove it can do what it claims to do before it can be ported to OpenBSD? Seems like a high bar. :-)


It's not a high bar, just plain honesty. I remember a while ago someone was promoting a language called v, making many claims of which some turned out completely untrue. This might be a norm in commercial software - some people believe that you can't sell anything if you don't exaggerate - but the open source world in general prefers a more honest approach. Hence many projects always remaining at 0.x release, for example.


It is a high bar that makes OpenBSD in security-sensitive roles way more appealing than a distribution with a lower bar. That high bar paid for itself repeatedly when I ran OpenBSD in the late 90s and early 2000s.


That's true, but not for the ports collection. There's all sorts of software there with historically bad track records in security. That's the point...it's just ports of a bunch of popular software.


Fair enough.



