out of curiosity, what makes it unacceptable?
-
There's at least a 2 order of magnitude difference there. Cargo makes things easy, but microdependencies is not a part of Rust culture
Given how hard it is to get an engineering role at Google, it's disappointing to hear that folks have such siloed experiences. This is roughly the dependency story of any other major language out there today (mostly thinking Python, Ruby, etc).
-
-
I'd expect folks in a role at Google to have more experience. "we've only done C++" feels like a poor excuse given how many people try to work there.
- 5 more replies
New conversation -
-
-
It is unacceptable to say that "every language community can accept this risk" as a justification for putting billions of private lives at risk. Also, FTR, I used to vendor all my ruby deps, and read them all. Hell I patched most of them. Check the author list on the top 1000.
-
I would expect that Google of all places has the resources to audit it's dependencies. Either way, I don't see how this makes cargo unsuitable as a build tool. You can leave the dependencies section blank.
- 5 more replies
New conversation -
-
-
This isn't about a lack of experience, it's about threat model. A large scale organization must manage licensing, security and many other dependency related concerns with faaaaar more care than average. Consider the risk for a moment. Billions of people.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.