Comment by acdha

Look, I like Rust and ported every bit of C I used to it a decade ago but this is not a compelling argument. The coreutils rewrite is an existence proof that the typing system doesn’t motivate this class of error and a moment’s thought would explain why (you’d have to be very familiar with the attack patterns to know to create types like “handle to private file failing if the name exists” and they weren’t).

What could help would be a modern API implementing the same patterns that GNU coreutils evolved over the last 4 decades but that’d be less the language than the library and it’d only go so far because some of those utilities legitimately need to things which are otherwise rare in most applications.