Comment by octoberfranklin

5 years ago

No, see, my point is that this is as important as dependencies.

Anything that tracks dependencies ought to be tracking transitive unsafeness.

That's the mindset shift the Rust world needs. Otherwise we're going to keep getting these (in some sense valid) complaints about how Rust isn't memory-safe because it has unsafe-blocks.

Safety is top of mind for a large percentage of the Rust community. There was major political drama when the fastest HTTP framework liberally used unsafe. That framework was almost universally shunned because of it, and now the vast majority of the uses of unsafe in that project have been removed. I think we are in a good position, but there could be, in effect, a Sybil attack against norms where, if unsafe was an OK thing to do for perf or expediency, the value of Rust would be largely obliterated.

My personal hope is that lib.rs and docs.rs replace crates.io and that safety, code coverage, perf and other dimensions of quality are prominently displayed and queryable. Crates.io as it is now has outlived its usefulness.

I believe you and I agree on this issue completely.