28
Thoughts on the xz backdoor: an lzma-rs perspective | Blog
(gendignoux.com)
Welcome to the Rust community! This is a place to discuss about the Rust programming language.
Credits
I think this article has a more thoughtful take than most I have read on the subject. In particular, I agree that we need to move away from the bazaar model and back towards the cathedral model, at least for critical software (he suggests smaller projects being adopted into larger, better funded and maintained consolidations). Another key observation is that a lack of activity does not mean a project is abandoned - it may just be feature complete. The flip side of that is, I think, that it is okay for projects to say "this is done" and resist the urge to expand into new areas and add endless complexity and dubious features.