@Josh @cy @GossiTheDog And I'm not saying you aren't responsible for what you ship, or that performing due diligence on your dependency tree isn't a reasonable standard, just that it's an unfunded mandate in most cases that isn't going to actually happen reliably/commonly/unexpectedly absent some government regulation or software engineering licensure to fundamentally change the culture and incentives for software development.
Raven667 (raven667@hachyderm.io)'s status on Monday, 19-Feb-2024 03:04:34 JST
Raven667 (raven667@hachyderm.io)'s status on Monday, 19-Feb-2024 03:04:35 JST

@Josh @cy @GossiTheDog I understand your response, but this is pissing in the wind at best. Of all the billions of applications developed, and the amount of code re-use via libraries, who has time to read, audit and monitor diffs of every library dependency you use, in addition to maintaining the application that the library is used for (that you don't have the resources to implement yourself) in the first place? That's effectively saying to almost never practice code re-use, which isn't viable.