by woodruffw
474 days ago
I think it'd be more productive to say that instead, since it's strictly more correct than comparing it to left-pad. (An interesting thing to consider: the worst "supply-chain" type attack in recent memory is probably xz, which has a much more traditional maintenance, development, and distribution model than the median Rust package does. I don't think Rust's ecosystem is even remotely immune to the risk of malicious packages, but I imagine the kinds of dependencies that exist in the current coreutils are much more appealing to a high-sophistication attacker because of their relative lack of publicity/transparency.)