Build Security

The exposed name doesn’t work for transitive deps. First thought is that I would expect it to be either with a version specifier (so you can choose whether you want to have to re-audit after updates) or a checksum (of the build.rs and its imports). But both of those are complicated by the fact it may have build-dependencies though .