Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

On the other hand loading .env from the environment is critical (since you are usually passing secrets through .env). I wouldn't want to maintain that myself and not share it with a xxK other projects in case there is a vulnerability.


the issue is loading and setting env (which is the default for dot env libraries)

_is fundamentally unsound thanks to unix/posix_

no way around that

hence why set env wasn't marked as unsafe _even through it not being fully save being known since extremely early rust days maybe even 1.0_

it not being unsafe wasn't a oversight but a known to not be fully sound design decision which had been revisited and changed in recently




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: