I'm just curious and,yes, it's a bit off-topic AND forgetting the relevant dates, etc. that are at play here: isn't developing an SSL/TLS library the sort of thing that Rust should excel at? I see all those lines of C code (and clearly other non-C code) and am thinking of all the opportunities for bugs to come up related to pointer and memory management. Would such a library be a good use of Rust from the performance and safety perspective? Seems like it's how the language is being sold.
Note: I'm not a C developer nor do I typically work at this level of the stack, thus my seeking opinions.
The thing about rewrites is they're great if you're happy to wait three to five years to get back to feature parity with what you have today.
The BSD team needed a library that worked pretty much straight away as a drop in replacement, and then they could gradually bring in a new API on the side. If they had rewritten we'd still be waiting.
Also, the OpenBSD guys are really good at writing C. They have far safer versions of the standard memory and string handling functions, better functions for allocating arrays to guard against integer overflows calculating the size, etc., and the skill and strict standards to use them properly.
But there's a significant difference between auditing, cleaning up, and fixing up an old code base (which, however crappy, contains a lot of domain knowledge and bug fixes that have built up over the years), and a project to write exciting new bugs from scratch, in whatever language.
No, I wouldn't suggest such a thing for the project that is the subject of this story. But in the theoretical sense or if an upstart were to take a "start-from-scratch" approach starting today or maybe some time from now; that's where I'm wondering what those with better insight than I might think.
Note: I'm not a C developer nor do I typically work at this level of the stack, thus my seeking opinions.