This comment needs to be higher up. The author styles themselves as a cybersecurity expert, but makes the fundamental mistake of assuming that they’re trustworthy and we’d trust them no questions asked. Software security isn’t based on blind trust like this. I’m surprised an expert can’t see that.

The other reason I don’t trust them is because this repo is 100% AI slop, even for crypto code. He posted it on /r/rust where every comment was highly negative - https://www.reddit.com/r/rust/s/4I4Xc7x7ec. The thread was removed by a moderator with the note:

Please, stop posting articles from kerkour.com.

The blog has been on a downward spiral for years, it's doomed, let it go.

> The blog has been on a downward spiral for years, it's doomed, let it go.

Argumentum ad hominem, yuk

> the fundamental mistake of assuming that they’re trustworthy and we’d trust them no questions asked.

The author makes no such assumption, it is entirely your decision

> this repo is 100% AI slop,

That is an exaggeration. It is coded with AI help, as is almost everything these days

Agree, or disagree, that an anemic standard library is a problem, and crates.io is a glaring security risk and a looming catastrophe Kerkour is doing something about it

This is a start

[flagged]