undefined | Better HN

0 pointsl33t73322731y ago0 comments

Is security not a technical merit?

0 comments

It is but there are other technical and non-technical merits too. "Security" doesn't trump all. If you need secure, turn off your computer.

I tried Rust and downloaded some projects that should be comparatively simple (e.g. text editor). "cargo build" downloaded and built about 500 dependencies. The Rust ecosystem had a chance to convince me, and it sure has some convincing results. But it wasn't my cup of tea.

If you included hundreds of dependencies to do what you can't easily do yourself within the "safe" framework, that may or may not be the language's or the ecosystem's failure. But the attribute "secure" for such a project is questionable. As NPM history or a certain guy or the recent events around the xz project illustrate well.

pdimitar1y ago

`cargo-geiger` would like a word. Feel free to try it.

Number of dependencies is a bad signal for JS projects, I am not so sure the same applies for Rust however.

j / k navigate · click thread line to collapse

0 comments

jstimpfle1y ago

It is but there are other technical and non-technical merits too. "Security" doesn't trump all. If you need secure, turn off your computer.

pdimitar1y ago

`cargo-geiger` would like a word. Feel free to try it.

Number of dependencies is a bad signal for JS projects, I am not so sure the same applies for Rust however.

j / k navigate · click thread line to collapse