logoalt Hacker News

cogman10yesterday at 5:38 PM2 repliesview on HN

If you can bring in 3rd party libraries, you can be hit with a supply chain attack. C and C++ aren't immune, it's just harder to pull off due to dependency management being more complex (meaning you'll work with less dependencies naturally).


Replies

jacquesmyesterday at 8:40 PM

It's not more complex in C or C++, you just have less of a culture of buying into a whole eco-system. C and C++ play nice with the build system that you bring, rather than that you are forced into a particular way of working.

It's 'just a compiler' (ok, a bit more than that). I don't need to use a particular IDE, a particular build system, a particular package manager or even a particular repository.

That is not to throw shade on those other languages, each to their own, but I just like my tools to stay in their lane.

Just like I have a drawer full of different hammers rather than one hammer with 12 different heads, a screwdriver, a hardware store and a drill attachment. I wouldn't know what to do with it.

skydhashyesterday at 6:29 PM

You’ll find more quality libraries in C because people don’t care about splitting them down to microscopic parcels. Even something like ‘just’ have tens of deps, including one to check that something is executable.

https://github.com/casey/just/blob/master/Cargo.toml

That’s just asking for trouble down the line.

show 2 replies