On Wed, Aug 27, 2025 at 10:06:17AM -0700, Junio C Hamano wrote:
> <rsbecker@xxxxxxxxxxxxx> writes:
>
> >>So my impression is that the main contention here is a concern that worsening the
> >>portability will make it harder to push out security fixes in either direction. But I
> >>don't think that's necessarily the case. Even if it is, I would again hope that the track
> >>record of the folks on the git-security list would suggest that we'd do the right thing
> >>and not abandon users on older platforms the moment Rust is introduced into the
> >>codebase.
> >
> > This is indeed my concern and hope, Taylor, as the maintainer for a platform that is
> > feeling abandoned. Please note that HPE NonStop is an actively maintained and
> > vendor supported commercial platform based on x86_64 POSIX, just not a
> > Linux/Windows machine.
>
> Thanks for a friendly conversation, but I would have to say that
> Taylor's "we know we end up having to support both, and we will do
> so" way underestimates the cost to do so.

I don't mean to imply that doing so would not be costly or require
additional effort. I was trying to highlight that I believe we on the
git-security list have demonstrated a track record of supporting quite
old release tracks when new security releases are cut.

I don't mean to suggest whatsoever that adding Rust into the mix would
somehow not have an effect on the costliness of maintaining support for
older versions, just that I believe we have shown ourselves to be up to
the challenge.

(As an aside, I mentioned in my earlier email to Randall that I have a
suspicion that Rust code will have fewer security issues than C code,
and so the likelihood of needing to backport a security fix from Rust to
C seems lower to me than having to simply patch old C code. Time will
tell, I guess.)

Thanks,
Taylor