
anonnon, last Friday at 2:53 PM

If anything, from a security standpoint, this is one of the bigger issues with a rewrite in Rust. Besides the "MIT EVERYTHING" mindset, Rust people are also similar to JS devs in having projects with huge supply chain attack surfaces, from their eagerness to rely on so many crates.


Replies

tempest_, last Friday at 3:14 PM

On the flip side C/C++ devs like to let ancient libs hang around because updating them can be such a pain in the ass.

You can choose to write Rust with fewer external crates or vendor them like you would with C++; that is a dev choice.

Having more choices is better.

pdimitar, last Friday at 3:06 PM

I agree this is problematic, sure, and is not unique to Rust or JS. Feel free to propose and work on something better, I'd be your enthusiastic supporter.

It's simply a way to be able to move at a reasonable speed is how I see it.