> just do your own auditing!
Then feel fucking free to pay the Rust community to audit the software.
Oh, that's too much for you. I see how it is.
I sound a bit pissy, but the amount of entitlement that occurs when things are free is off the charts in this thread.
Nobody is being entitled or demanding that others do work. We just also aren't saying "it's fine; there's no problem".
In any case just paying people to do a ton of auditing is clearly a terrible solution. We need structural changes, like:
* Namespaces on crates.io (I believe people are working on this).
* Crate level effects systems ("zlib shouldn't be able to access environment variables, the filesystem or network"). No idea if anyone is working on that or if it is already possible. CHERI provides one solution which people definitely are working on.
* Probably a bigger standard library, or at least a set of crates that are maintained by core Rust developers. I vaguely recall that this might happen.
Anyway the sensible among us aren't demanding this work. We're just saying it would be really good if it happened.
Whereas this misguided person is saying "nothing more is needed" which shows a lack of understanding and imagination.