alt Hacker NewsThe analogy is more like
"Here's a free car on a parking lot. You can take it if you want it for free. The car hasn't been inspected and there are no guarantees that it's road-worthy".
I think this is perfectly acceptable in most countries and I doubt you'd have any standing to sue if the car turns out to have safety issues.
Poor analogy. Nobody is saying that there is a legal obligation for the Rust community to improve supply chain security, but this post is saying it's already fine; we don't need to improve things - just do your own auditing! which is the kind of "just don't make mistakes" bullshit that led people to create Rust in the first place.