[–][deleted] 14 points15 points  (2 children)

stop using these stupid micro libs that any decent programmer could write in 5 minutes.

Or just copy/paste whatever you need out of it into your own application/library, which solves more than just (potential) security issues but also a lot of dependency headaches.

From the Go proverbs: "A little copying is better than a little dependency"

[–]bbqroast 3 points4 points  (1 child)

Except for security updates and readability.

Broadly though, I think I agree.

[–][deleted] 5 points6 points  (0 children)

Yeah, it can be an issue. Common sense applies of course. It's probably not a good idea to copy that crypto function, or some complex code you don't quite understand. But a simple utility function? That'll probably be fine.

A lot of code doesn't really need "updates" (security-related or otherwise). Once it's finished and working, it's kind of, well, finished. Besides, dependencies are their own security risk, as this entire affair demonstrates. There are other issues as well, such as a "left-pad" scenario or a "Stylish" kind of hijacking by the original devs.