> too much faith in dependency oriented programming
Which is why it's a distraction to even consider this particular person's track record.
Even if this same person pulled one critical package a month for the next year, the fundamental problem is still that the ecosystem in general relies on parties with no obligations to manage critical dependencies.
Which is why it's a distraction to even consider this particular person's track record.
Even if this same person pulled one critical package a month for the next year, the fundamental problem is still that the ecosystem in general relies on parties with no obligations to manage critical dependencies.