by flooow
811 days ago
The chances of cargo update pulling in some updated dependency which is now compromised with malware are low. The chances of a compromised dependency getting past `cargo-audit` are low. The chances of compromised code causing measurable harm are low. The repercussions for me publishing compromised code are low. The effort I would have to expend to manually check the code is high. So yes, I `cargo update`.
[1] https://news.ycombinator.com/item?id=39832559