Why not write it in Rust?

[rugk]

…or in any language without memory/overflow or similar issues.

[lambdafu]

Rust and Go are certainly interesting candidates for an implementation from scratch. But to keep motivation high, and to prevent yak shaving, I decided to fork off GnuPG, which is written in C. C++ seems to be a good candidate for a transitional language of a legacy project. Basically, it allows incremental improvements and a forward-thinking design. Applications written in modern C++ can be quite similarly structured to Rust or Go programs, and provide comparable guarantees at the margin, although I am aware of the limitations and that the defaults are all backwards! My hope is that a transition to C++ will lead towards an implementation which would be much easier to convert to Rust or Go than the current legacy code! There are also some practical concerns with regards to the number of developers, library support, etc. One big argument in favor of C++ is the Botan crypto library, which does a lot of the grunt work and convinced me that C++ doesn't need to suck (since then I have discovered other C++ libraries which are interesting in their own right). Bottom line is: I have no fundamental objection to Rust, or Go, and I have no particular interest in C++. It seems useful to do C++ now, and it could be more useful to change to something else later. Some information is also in this blog post. If you are looking for a fresh start for OpenPGP in Rust, you might be interested in Sequoia!

[rugk]

Thanks for the detailed reply! :+1: I'll totally understand your reasons here.

BTW as for the libraries I think at least in Rust you can include them too. (in an "insecure mode" or so)