this post was submitted on 21 Oct 2024
194 points (99.0% liked)

Programming

17248 readers
255 users here now

Welcome to the main community in programming.dev! Feel free to post anything relating to programming here!

Cross posting is strongly encouraged in the instance. If you feel your post or another person's post makes sense in another community cross post into it.

Hope you enjoy the instance!

Rules

Rules

  • Follow the programming.dev instance rules
  • Keep content related to programming in some way
  • If you're posting long videos try to add in some form of tldr for those who don't want to watch videos

Wormhole

Follow the wormhole through a path of communities [email protected]

founded 1 year ago
MODERATORS
snowe
Ategon
[email protected]
194
The empire of C++ strikes back with Safe C++ proposal (www.theregister.com)
submitted 2 days ago by [email protected] to c/programming
54 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] pkill -1 points 21 hours ago (3 children)

wake me up when Rust fixes its' supply chain attacks susceptibility (solid stdlib and rejecting external crates, including transitive deps

[–] [email protected] 4 points 14 hours ago

Probably not going to happen. I will say that it's less bad than you might think, because there is more-or-less an unofficial extended stdlib, i.e. high-quality, widely used libraries which are maintained by people in the Rust team.

But yeah, I'm involved in a somewhat larger project and we've cracked 1000 transitive dependencies a few weeks ago, and I can tell you for free that I don't personally know the maintainers of all of those.
If this was more of a security-critical project, there's probably a dozen or so direct dependencies that we would have implemented ourselves instead.

[–] [email protected] 3 points 13 hours ago* (last edited 13 hours ago)

This has been one of my biggest frustrations while learning Rust. I'm coming from .NET which has an incredible wealth of official System and Microsoft libraries all of which are robust and well documented.

Rust on the other hand has the bare minimum std library, with everything else implemented by the community. There isn't even a std async library. It's insane.

Even the popular community libraries are severely lacking in documentation or inexplicably unmaintained.

Rust has a ton of potential but it desperately needs some broad funding to align the fundamentals to a decent standard.

[–] [email protected] 4 points 20 hours ago* (last edited 20 hours ago)

If you're hoping for the standard lib to have things built on evolving standards and ecosystems like HTTP clients, then I doubt that will ever happen. There are plenty of examples of why that would be a terrible idea (urllib, std::regex, etc).