Dub integrated into the compiler?

[via Digitalmars-d]

On Monday, 27 October 2014 at 03:15:45 UTC, Tofu Ninja wrote:
> On Monday, 27 October 2014 at 03:00:50 UTC, Ola Fosheim Grøstad
>>
>> Bad for security.
>
> My response to that is that any library you ever download is 
> bad for security (including dmd and phobos).

I currently run dmd on a separate user account…

> We need to draw the line somewhere for things we trust and 
> things we don't trust, personally I draw the line where it best 
> suits me to get things done. If giving up some small about of 
> security allowed me to automatically integrate dub packages 
> into my projects, I would happily give it up. :)

That's ok for a personal user account, but not for a work account 
IMO.

Then again, I prefer to fetch directly from repos manually and 
only use dub-like features for languages that run in a VM.

Another point is that if you make fetching libraries too easy it 
means bloat starts creeping in. OK for a scripting language, but 
for a system level language…? You risk ending up with 
Tango-bloat, where you cannot include anything without pulling 
inn all kinds of dependencies.

> Also it is why I suggested that it could be policed.

But the D community is too small for that atm.