A lot of this thread has it wrong, and this wrongness contributes to the problem which led to this.
I have two simple mantras which establish my philosophy here:
1. YOU are responsible for your dependencies.
2. Open source participants are volunteers and owe you nothing.
It was never Nikolay's job to vet actix-web for you, nor did it become his job when the library became popular, nor does invoking "security" change anything in the slightest. Your dependencies are your responsibility. Responding with vitriol, anger, or hate when failing to uphold this responsibility bites you in the ass is just being a jerk.
User entitlement is totally unjustified and will burn out maintainers faster than almost anything else. I don't stand for it. If any other maintainers out there are struggling with this, please send me an email: [email protected]. I'm sympathetic to your cause and I can likely lend some pertinent advice.
Seems like there should have been some sort of response from the maintainer about the _philosophy_ of why he was doing things the way he was, and people could either get onboard with the connecting points of that, or get lost. So far, in all of this drama, I have yet to see where any of that might have been explained. I don't use Rust, but I understand the significance of the experiment, and I think I, for one, would have liked to read the author's thoughts about "why."