by suby 1027 days ago
The world hasn't ended, but I'd argue that the number of malicious actors within the space is rising, as are the consequences of being compromised. We're simply seeing more and more malware make its way into open source ecosystems, and I don't imagine the trend will be reversing. For this reason alone we should be striving to achieve full build reproducibility, though I agree with you that demonizing (or threatening) Dtolnay is wildly inappropriate.
1 comment

Yeah, people have woken up to "supply chain" problems, particularly with JavaScript and npm, which is an entire tire fire.

But we've gone from 0% to 100% overnight and as usual people have adopted it as their new religion and they want to burn all the heretics and there can be no compromise.

I seriously doubt that this one specific issue was all that important in the larger problem of securing the supply chain, and there was a very good reason why it was done (which has now been entirely thrown away, which will certainly harm adoption of rust). I don't think it was remotely comparable to the way all of npm is a security hole.