On Saturday, 8 September 2018 at 01:32:19 UTC, Everlast wrote:
There are ways around this:
Take a step back and consider what you're asking for.
You are asking for dub to become github. A very cruddy version of
github. One in which everyone can submit changes to every
repository. With a forum and a voting mechanism where anyone can
vote. Where each person applies a complex set of rules to
determine whether a given change should be applied to their local
copy.
You expect this to improve reliability, when you're making it
less likely that anyone else has seen the codebase that any
particular person is using.
The security fixes you've suggested are defeated just by
registering a few extra accounts, and the "does not escape" thing
uses a term that I'm moderately sure you came up with.
You don't seem to understand the difference between trusting a
specific person in charge of a repository, and trusting everyone
in the world (or at least everyone who can make a dozen fake
accounts and upvote their own patches).
You also haven't considered social options for dealing with the
problem. See https://github.com/dlang-community/discussions for
the organization we have that deals with this problem already.
