• Ephera
    1 month ago

    Probably not going to happen. I will say that it’s less bad than you might think, because there is more-or-less an unofficial extended stdlib, i.e. high-quality, widely used libraries which are maintained by people in the Rust team.

    But yeah, I’m involved in a somewhat larger project and we’ve cracked 1000 transitive dependencies a few weeks ago, and I can tell you for free that I don’t personally know the maintainers of all of those.
    If this was more of a security-critical project, there’s probably a dozen or so direct dependencies that we would have implemented ourselves instead.