Rust lacunae

> All of the core utilities, and many others, could be switched over to build with a C++ compiler and then incrementally modernized with overwhelmingly smaller effort than a wholesale rewrite,

Great plan on paper. The reasons why this does not work in practice are well known and have been detailed in about every single article about Rust.

- While much safer than C, even the "most modern" C++ is not as safe as Rust [1]

- Different C++ programmers seem to have different opinions about "modernity" (and everything C++?) "There is more than one way to do it", famous last words.

- Similarly, there is no simple tool or set of rules to detect unsafe/old C and tell when such a safety effort is "done". With Rust you know that safety is done when it compiles and all the unsafe blocks have been very carefully review. In C/C++ there is instead a patchwork of external checkers [2] with varying and overlapping coverage, rules and false positives.

- For the above reasons, safety regressions are easy even after you think you're done.

Last but not least:
- It's not fun, so no one is doing it.

The problem with safety and security is that they depend on "the weakest link". So incremental approaches that don't tell you when the job is done are flawed by design.

[1] https://alexgaynor.net/2019/apr/21/modern-c++-wont-save-us/
[2] ... that everyone should absolutely use despite their limitations

> Modern C++ practice, writing at a level of abstraction that confines risky operations to trusted libraries, is another. As such libraries are needed anyway, the cost is small.

Modularity and code re-use in C are indeed a joke, unlike safety this is a very good reason to switch to C++; no "weakest link" problem with modularity and immediate benefits. I bet there are other very good reasons to switch to C++; but not safety. Sorry.