When the left-pad debacle happened, I feared that people would conclude “dependencies are bad”. (Instead of the logical conclusion, which is “don’t allow dependencies to be deleted from package registries.”) That prediction turned out to be true. :(
-
-
Agreed. Trust is a tricky problem to handle. I'll point out that *most* of the discussion around trust and crates is reactionary to "npm problems" and that's super unhealthy: it leads to half solutions that don't actually work out for most use cases of trust
-
Yeah that sucks and is counter productive. I can definitely understand the frustration though, especially when it is at least (IMO) partially a cultural problem. As I said in reddit comments, I'm part of the problem too. I'm hopeful that some gentle push back will be beneficial.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.