That ignores what Servo actually is. The entire point of it is that it's written from the ground up in a modern, typesafe language. External libs take away from that and add security and performance concerns.
Fair enough. I appreciate that bold ambition, and I realize it's an R&D project :). It just has a little bad negative aftertaste to it in this context, considering that Harfbuzz has been a really good example of a body of code that solves a hard problem and has been collaborated on and adopted by many different parties. Going NIH on it, even with noble intent and explicit technical reasons, just feels like a step backward, and like trying to do too many things at once.
I guess what it comes down to is whether what Servo is justifies that lack of pragmatism: That's what it'll have to prove.
FWIW, there are two Harfbuzzes: the old one that is derived from Qt code that many people have collaborated and hammered on over the years, and the new one that Mozilla uses that was rewritten from scratch by one person. The new one is likely better-written overall (the author generally knows what he's doing), but it's not really true that Harfbuzz (as Mozilla uses it) has been collaborated on by many parties or has had as much (or any) security analysis.
(I worked on relevant pieces of Chrome, which has has a bunch of security issues due to bugs in the older, presumably more vetted, Harfbuzz, so I don't have a lot of confidence of code in this area. Lots of indexing into arrays.)
