I'll leave others to discuss the pros and cons of the qmail software. In the general points
he makes about security and bugs, djb is right on the money.
For example in this day and age why do we still tolerate or encourage language semantics where
x = y + 1
could result in x either having a larger value than y or a smaller value, depending on what y
contains? Who decided that
should have undefined behaviour if the array a has less than 55 elements allocated? Surely it
would make more sense to do something safe instead of something random. Even aborting the
whole program would be better than the current silently-bizarre semantics of arithmetic
overflow or bad memory access.
There were once good reasons why unchecked arithmetic and unchecked memory access were the
default. But with machines thousands of times faster than they were in the 1970s, as djb
says, the time is long overdue to get the code right first, and then worry about speeding it
up later. A programming language's job should be to make it harder to write incorrect code.
There can still be unsafe_add() and unsafe_array_access() builtins for those who really need