|
|
Subscribe / Log in / New account

Should C++ be deprecated?

Should C++ be deprecated?

Posted Oct 16, 2025 18:56 UTC (Thu) by LtWorf (subscriber, #124958)
In reply to: Should C++ be deprecated? by taladar
Parent article: Comparing Rust to Carbon

The xz thing happened on a rather small dependency. The weekly disaster that happens on npm/pypi are usually on tiny things.

Do you have other examples?

to post comments

Should C++ be deprecated?

Posted Oct 17, 2025 8:29 UTC (Fri) by taladar (subscriber, #68407) [Link] (5 responses)

Do languages with large dependencies even have the tooling to find these?

The era of these kinds of supply chain attacks is only a few years old

I know e.g. Daniel Stenberg regularly talks in his blog about bugs that have been in the curl code base for a decade or more and that is a medium sized code base with relatively strict testing and oversight so I wouldn't be surprised if a vulnerability smuggled into something the size of Qt, LLVM or Chromium Embedded Framework with corners that haven't seen updates in years will only be discovered by 2040 by accident.

Should C++ be deprecated?

Posted Oct 17, 2025 8:43 UTC (Fri) by LtWorf (subscriber, #124958) [Link] (4 responses)

We're talking about supply chain attacks, not bugs. Do you have relevant examples or not?

Should C++ be deprecated?

Posted Oct 17, 2025 12:15 UTC (Fri) by taladar (subscriber, #68407) [Link] (3 responses)

My entire point is that nobody looks at those code bases so we simply don't know. Meanwhile the languages with small dependencies actually develop tooling to make those problems visible.

Should C++ be deprecated?

Posted Oct 19, 2025 6:13 UTC (Sun) by LtWorf (subscriber, #124958) [Link] (2 responses)

The Russel teapot principle of supply chain attacks…

Should C++ be deprecated?

Posted Oct 20, 2025 7:33 UTC (Mon) by taladar (subscriber, #68407) [Link] (1 responses)

Once you see your e.g. Qt bugs migrated to the third bug tracker in a decade without even getting a response you do tend to get a bit jaded about the claim that large libraries of that kind are "maintained".

Should C++ be deprecated?

Posted Oct 20, 2025 14:37 UTC (Mon) by smurf (subscriber, #17840) [Link]

Consider yourself lucky if the bug stays open and isn't auto-closed after two releases. No you can't re-open the beast, just open a new one. No you didn't get notified to check whether the problem is solved, that'd be too easy.

Affected (or rather affecting) projects shall not be named here. You know who you are.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds