As great as it is, Rust's #cargo package manager is tying us to micro-libraries due to how easy it is to add a new package.

Does the `rand` crate really need 14 dependencies *without* any added features?!

#rust #rustlang #coding #programming #library

@dylancode I have to admit, having lots of dependencies from a public repository means having to spread your trust thin. It becomes a very large attack surface.

But people seem to like to work this way, and the only real solution is to modify people's behaviour, which is, for all intents and purposes, impossible.

So all you can do is limit your own dependency use, and/or be in control of as many dependencies as possible.
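A concrete way to act on the "limit your own dependency use" point is to measure the tree before arguing about it. The script below is an added example, not code from either poster: it lists the cargo commands a practitioner would run to inspect a crate's resolved dependency graph, and defines two small helpers that post-process `cargo tree --prefix none` output to count unique crate/version pairs and to flag crate names pulled in at more than one version (each extra version is another copy of code to trust). The sample tree it runs on is constructed for the example (the crate names and versions are illustrative, not the real `rand` tree), so it runs offline without cargo installed.

```shell
#!/bin/sh
# Added example: auditing the size of a crate's dependency tree.
#
# Commands you would actually run inside the project directory (they need
# cargo, plus the cargo-audit and cargo-deny subcommands; not executed here):
#   cargo tree -p rand -e normal --no-default-features --prefix none  # runtime deps only
#   cargo tree -p rand --duplicates                                   # same crate, several versions
#   cargo audit                                                       # RustSec advisory DB
#   cargo deny check                                                  # policy in deny.toml

# Normalise `cargo tree --prefix none` lines to "name vX.Y.Z":
# strip trailing annotations such as " (*)", " (proc-macro)" or " (/path)".
normalize_tree() {
    sed -E 's/ \([^)]*\)$//' | awk 'NF >= 2 { print $1 " " $2 }'
}

# Number of distinct crate/version pairs in the tree (root crate included).
count_unique_crates() {
    normalize_tree | sort -u | wc -l | tr -d ' '
}

# Crate names that appear at more than one version.
duplicate_crate_names() {
    normalize_tree | sort -u | awk '{ print $1 }' | uniq -d
}

# Constructed sample in the shape of `cargo tree --prefix none` output.
# Versions and the duplicated `syn` are illustrative, not the real rand tree.
SAMPLE_TREE='rand v0.8.5
libc v0.2.147
rand_chacha v0.3.1
ppv-lite86 v0.2.17
rand_core v0.6.4
getrandom v0.2.10
cfg-if v1.0.0
libc v0.2.147 (*)
rand_core v0.6.4 (*)
serde_derive v1.0.160 (proc-macro)
syn v1.0.109
syn v2.0.28'

# Stand-alone demo: pipe the real tree in instead of the sample when running
# this against a project, e.g. `cargo tree --prefix none | count_unique_crates`.
echo "unique crate/version pairs: $(printf '%s\n' "$SAMPLE_TREE" | count_unique_crates)"
echo "crates present at more than one version:"
printf '%s\n' "$SAMPLE_TREE" | duplicate_crate_names
```

Subtract one from the count for the root crate itself to get the number of third-party crates you are trusting; `-e normal` matters because build and dev dependencies run on your machine but are not shipped, so they belong in a separate column of the audit.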

@sekhat That's my biggest issue with having hundreds of deps. Say your program segfaults: you now have to look through the 100+ libraries that it could have crashed in. Admittedly, Rust's brilliant unsafe system greatly reduces the number of places you need to look (in this specific example), but even so, you then have to submit a PR to the faulty library's repository and wait for it to be approved (or rejected!) before you can continue working.

If one library breaks, so does everyone else's.