Matt Campbell on Nostr: So, while the xz backdoor disaster has us thinking about how we interact with ...
So, while the xz backdoor disaster has us thinking about how we interact with maintainers of open-source dependencies, I thought I'd ask for advice on resolving a dilemma I'm facing with AccessKit (
https://github.com/AccessKit/accesskit). I want to add this dependency:
https://crates.io/crates/immutable-chunkmap Like xz (before the long attack began), immutable-chunkmap is a one-person project; he's doing it in his spare time. But, at the risk of sounding entitled, there are things I want fixed before I depend on it. 1/?
Published at
2024-03-30 19:07:24Event JSON
{
"id": "9831dd8bb09225413a06a28bbb7b0288245801c84d0fce7b69e84487c3b3a5d6",
"pubkey": "790e5e1a77f369f0eae0afb55dd1fae16c51eb87977c87a9b4fa113c6bac5399",
"created_at": 1711825644,
"kind": 1,
"tags": [
[
"proxy",
"https://toot.cafe/users/matt/statuses/112186205421132451",
"activitypub"
]
],
"content": "So, while the xz backdoor disaster has us thinking about how we interact with maintainers of open-source dependencies, I thought I'd ask for advice on resolving a dilemma I'm facing with AccessKit (https://github.com/AccessKit/accesskit). I want to add this dependency: https://crates.io/crates/immutable-chunkmap Like xz (before the long attack began), immutable-chunkmap is a one-person project; he's doing it in his spare time. But, at the risk of sounding entitled, there are things I want fixed before I depend on it. 1/?",
"sig": "da0f64a43ce6547917146c50a54cfc9b352f493c8977e191ebe1e9f0ad29041ef887dcf15d3360528373e9a07b7fbaa8a7352bf3ac3db3d43c3db3451ce227ba"
}