by lawl
1473 days ago
This feels like the equivalent of AddressSanitizer and similar tools for C. They fix a problem that shouldn't exist. At least not this extreme. C has the excuse of being old, Rust does not have that excuse. Using npm as an inspiration for cargo is just really sad.

Shouldn't exist because why? Because people should just be nice?
Supply-chain attacks are a real vector, one that seems to be able to have a larger impact each day, as the OSS ecosystem grows and the dependency on using dependencies grows.
People want to be able to use 3rd party packages, like we've been doing for quite some time now. But there are a lot of them, and no (easy) way to manage exactly which ones are "good" vs not, without manually going through each one of them, for each project.