undefined | Better HN

0 pointsalextingle4mo ago0 comments

Well, yes I do know when a C project only depends on my system libraries, because otherwise it won't compile. That's the point.

Furthermore, for the purposes of this discussion, it really doesn't matter what code there is in the C project. What's there has been put there by the people who run the project. If they are malicious, then at least I know who they are. With Rust, I'm downloading and compiling code from many, many third parties. I have no idea who they are. The potential for one of them to be malicious is much, much higher.

0 comments

timeon3mo ago

You do not know if developers are malicious when there are many contributors.

Now we are talking about NPM other time about: https://en.wikipedia.org/wiki/XZ_Utils_backdoor

j / k navigate · click thread line to collapse

0 pointsalextingle4mo ago0 comments

Well, yes I do know when a C project only depends on my system libraries, because otherwise it won't compile. That's the point.

0 comments

timeon3mo ago

You do not know if developers are malicious when there are many contributors.

Now we are talking about NPM other time about: https://en.wikipedia.org/wiki/XZ_Utils_backdoor

j / k navigate · click thread line to collapse