by dymk 1193 days ago
I agree with you and I'm not sure why you're being downvoted.

That being said, it's nice to be able to have guarantees about your build without having to look at the transitive closure of dependencies in your project. It'd be nice if crates could be marked as "hygienic build" or something, and a hygienic crate can only depend on other hygienic crates. And then something like `cargo check-hygienic` which fails if any dependencies are non-hygienic.

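A stand-alone sketch of the check proposed above, added here as an example (not cargo's own tooling and not the commenter's code): it walks the dependency graph from a `cargo metadata --format-version 1` document and flags every package that ships a build script or a procedural macro, the two target kinds that run crate-authored code on the build machine. The field names follow cargo's real JSON; the sample document is constructed and trimmed to those fields, and `resolve.root` is assumed to be non-null (a single-package project rather than a workspace).

```python
import json

# Constructed sample in the shape of `cargo metadata --format-version 1`,
# trimmed to the fields this check reads (real output carries many more).
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"name": "myapp", "id": "myapp 0.1.0",
         "targets": [{"name": "myapp", "kind": ["bin"]}]},
        {"name": "tidy", "id": "tidy 1.0.0",
         "targets": [{"name": "tidy", "kind": ["lib"]}]},
        {"name": "ring-like", "id": "ring-like 0.2.0",
         "targets": [{"name": "ring-like", "kind": ["lib"]},
                     {"name": "build-script-build", "kind": ["custom-build"]}]},
        {"name": "derive-thing", "id": "derive-thing 0.3.0",
         "targets": [{"name": "derive_thing", "kind": ["proc-macro"]}]},
    ],
    "resolve": {
        "root": "myapp 0.1.0",  # assumption: non-null, i.e. not a workspace
        "nodes": [
            {"id": "myapp 0.1.0", "dependencies": ["tidy 1.0.0", "derive-thing 0.3.0"]},
            {"id": "tidy 1.0.0", "dependencies": ["ring-like 0.2.0"]},
            {"id": "ring-like 0.2.0", "dependencies": []},
            {"id": "derive-thing 0.3.0", "dependencies": []},
        ],
    },
})

# Target kinds whose code cargo executes at build time, on the build host.
BUILD_TIME_KINDS = {"custom-build", "proc-macro"}


def non_hygienic_packages(metadata_json):
    """Map package id -> offending target kinds for every package in the
    transitive closure of the root, including the root itself."""
    meta = json.loads(metadata_json)
    targets_by_id = {p["id"]: p["targets"] for p in meta["packages"]}
    deps_by_id = {n["id"]: n["dependencies"] for n in meta["resolve"]["nodes"]}
    seen, stack, offenders = set(), [meta["resolve"]["root"]], {}
    while stack:  # depth-first walk over the resolved graph
        pid = stack.pop()
        if pid in seen:
            continue
        seen.add(pid)
        kinds = {k for t in targets_by_id[pid] for k in t["kind"]}
        hits = sorted(kinds & BUILD_TIME_KINDS)
        if hits:
            offenders[pid] = ", ".join(hits)
        stack.extend(deps_by_id.get(pid, []))
    return offenders


def check_hygienic(metadata_json):
    """Print each offender and return True only when the whole tree is clean."""
    offenders = non_hygienic_packages(metadata_json)
    for pid, why in sorted(offenders.items()):
        print(f"non-hygienic: {pid} ({why})")
    return not offenders
```

This only covers build-time execution, which is what the thread is about; a crate with neither target kind can still run whatever it likes once linked into the binary or its tests, so it is a gate on the build, not a substitute for review.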

'avoid the crates that do it' requires careful vetting of all code in the crates you use and all the crates' dependencies, now and in all future versions of your crates and their dependencies. Which in reality turns out to be impractical for most projects in most work environments. And even if practical, it turns out that many ways of vetting the code will expand the macros and do arbitrary code execution.
> requires careful vetting of all code in the crates you use

I just explained it would be useful to have a cargo sub-command for automating this.

You = “You and all your coworkers, forever.”