by insanitybit
6 days ago
It's not a trade. It isn't "because we got memory safety we have to lose supply chain security". Rust, like every other language, has put minimal preemptive effort into supply chain security. There's recently basic stuff like Trusted Publishing, and dependency cooldowns are on the way, but that's it in terms of native features - nothing novel or special, really. Thankfully the community has built `cargo-vet`, which is basically a best-in-class distributed auditing system.