juliand[m]: > <@juliand:fehler-in-der-matrix.de> Another thing that came up today in a meeting was the issue of dependencies and crates.io in general. Not only regarding licenses (mostly MIT and Apache anyway afaik) but also regarding safety/security. Are there any plans to have more quality-controlled or reviewed crates at some point?
> I think this actually is an attack surface where someone could offer a useful crate, people use it and then inject malicious code. Didn't really have an answer to that one except for reviewing every dependency :/

yeah, the options are:

* you do the work
* you pay someone to do the work

You can't really ask other people to do all the work for free.