• The Doctor@beehaw.org
    link
    fedilink
    English
    arrow-up
    18
    ·
    5 months ago

    I wonder how many folks are just refusing to use Rust to spite the Rust Evangelism Strike Team.

        • delirious_owl@discuss.online
          link
          fedilink
          arrow-up
          4
          ·
          5 months ago

          It doesn’t verify downloads are authentic. Its an issue with almost all programming dependency managers besides mature ones like Java’s Maven.

          Python has been working with Facebook to fix this in pip for like a decade.

          But obviously it shows that rust isn’t so concerned about security.

          • uhN0id@programming.dev
            link
            fedilink
            arrow-up
            1
            ·
            5 months ago

            Ah interesting. Thank you, you’re giving me something to read about that I never considered for crates. I guess I just assumed because of the scrutiny Rust was built with and continues to go through that it would also apply to verifying crates. I have definitely heard about it with NPM so it should have been obvious that it might not be any different for crates. Thanks again!