Reuse Less Software(wiki.alopex.li)
wiki.alopex.li
Reuse Less Software
https://wiki.alopex.li/ReuseLessSoftware
1 comments
I'm not following this argument. I think there's no real reliability difference between having SHA256-verified dependencies by lock file and vendoring the same dependencies into the codebase. If there's a concern with crates.io availability partial local mirroring is possible.