I hope that whatever solutions we come up with to handle the too-many-dependencies problem don’t stifle people’s motivation to create and share new packages. It’s not a given that useful libraries are going to exist. Too much friction and people will just stop sharing code.
The reason that I make a point of asking this question every time I see it come up is that I’m unconvinced it’s a problem — or a problem that requires action beyond the independent decisions of crate authors.
For instance, it’s possible for Rust users to write and use crates that have a minimal set of dependencies, if that’s something they value compared to all the other tradeoffs. And that can be done, today, e.g.: pic.twitter.com/kSN53ISxsy
that's a big one. not only can packages be handed off to irresponsible|malicious|?? maintainers, build scripts are fairly arbitrary code execution in build environments
i recall a few instances where no one even noticed packages had "Extra Features" introduced until a server or site or something went down significantly later - not cargo, but i think we can't assume someone would notice in a timely manner