There are people doing that, there is one or more kernles written in Rust but still even Rust evangelist are not using it daily but demand for people to waste time rewriting in Rust.
A technical reason for GNU/Linux not to use Rust or Go is that C supports a lot more platforms so you can't replace core components at this moment, also I want to remind you that memory safe languages existed before Go and Rust and the only project I am aware to create a safe OS and utilities was Midori by Microsoft.
Firefox and it's dependencies is not yet 100% Rust so I honestly expect a new browser started from scratch in a safe language to be done before Firefox is "ported".
> I honestly expect a new browser started from scratch in a safe language to be done before Firefox is "ported".
That is a gargantuan project considering all the standards you need to support to have a competitive web browser. Especially javascript engine, video codecs and webgl are attack surfaces that is difficult to replace with code written in a safe language.
I think is less work then pressuring existing projects to be rewritten in Rust. I would usggest Rust fans to pcik one of those dependencies like a codec and reimplementit in Rust or gather money to pay someone to do it, I think it would be faster and less hostile.
From what I read Mozilla fired one or more Rust developers related to the JIT or the interpreter and IMO the JIT should have been the first thing rewritten in Rust since that is one of the components that run arbitrary code. I really hope they can finish the port and I can't wait to see how many zero days will it have.
most of the JIT bugs were probably due to generating unsafe code instead of generating from unsafe code. Rewriting a new JIT will probably increase the number of zero days.
That's a ridiculous statement. Most of Linux isn't reviewed by security experts either... and the codebase for linux absolutely dwarfs redox, and every line of Linux is C.
For starters from Google, with their Linux Kernel Self Preservation project, where an endless list of exploits have been fixed, starting by removal from all VLAs in the kernel source.
Going forward, all Android devices on ARM are required to use ARM MTE, because the only way to keep C develoeprs on track is to have hardware control their pointer usage.
Given that Linux kernel downstream on Qubes , ChromeOS and Android are the only ones with all of the security counter measured turned on, that speaks a lot for the standard Linux kernel on random distribution X.
A technical reason for GNU/Linux not to use Rust or Go is that C supports a lot more platforms so you can't replace core components at this moment, also I want to remind you that memory safe languages existed before Go and Rust and the only project I am aware to create a safe OS and utilities was Midori by Microsoft.
Firefox and it's dependencies is not yet 100% Rust so I honestly expect a new browser started from scratch in a safe language to be done before Firefox is "ported".