- cross-posted to:
- programming@beehaw.org
- programming@lemmy.ml
Seems like he’s been pushed into using LLMs as a way to cope with the deluge of LLM-generated security reports.
I’m sorry to say 90% of the internet’s load-bearing infrastructure is in this situation. It’s just how the story goes, everybody wants to build low-stakes toy projects, nobody wants to do high-effort low-reward infrastructure work.
“Writing something new using modern tools” is all fun and sparkles, but then you run into the same issues as rsync except without the experience. Then you get attention from attackers, you get security issues, which you have to patch with defensive code which is not appealing to read and zero fun to write. Before you know it your project is “decades of Rust/Zig/Lisp” which nobody wants to touch and you’re back at square one. All you’ve accomplished is give the attackers a few years of low-hanging fruit and easy exploits.
There’s a reason why we get a million shiny toys a year but solutions like rsync stay entrenched for decades.