On Tech Debt: My Rust Library is now a CDO

https://lemmy.sdf.org/post/14406111


TIL rust has some sort of ratings for libraries/dependency code. Cool! Is that intrinsic in some way?

Speaking as a C/C++/Python (and others) coder, if that’s relevant, who’s been looking at Rust for a while…

I’m not sure what they mean with those ratings, to be honest.

This whole article is about the yaml-rust library having been marked as unmaintained in the RUSTSEC advisory database: rustsec.org/packages/yaml-rust.html

RUSTSEC is not intrinsic to the language, but it’s maintained by the Rust Foundation and there’s some really solid tooling, which can tell you in the blink of an eye that one of your dependencies is insecure.

Well, and then there are some unofficial projects which curate libraries, like awesome-rust.com and lib.rs (the latter also serves as an alternative frontend for the official package registry crates.io).
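The tooling mentioned above works by matching the exact versions pinned in a project's Cargo.lock against the advisory database (the RustSec project's cargo-audit does this). The following is an added illustration, not code from the post or from RustSec: a minimal audit that parses a constructed Cargo.lock, matches it against constructed advisory entries, and distinguishes a vulnerability from an "unmaintained" informational notice of the kind yaml-rust received. The advisory ids, the `widget` crate and the CI policy are assumptions made for the example.

```rust
// Added example (not the page's or RustSec's code): a minimal version of the
// check an advisory-database tool performs against Cargo.lock. The lockfile
// and advisory entries are constructed; the ids are placeholders, not real
// RUSTSEC identifiers.

/// A semantic version without pre-release tags (enough for lockfile entries).
#[derive(Debug, Clone, PartialEq, Eq, PartialOrd, Ord)]
pub struct Version(pub u64, pub u64, pub u64);

pub fn parse_version(s: &str) -> Option<Version> {
    let mut parts = s.split('.').map(|p| p.parse::<u64>().ok());
    let v = Version(parts.next()??, parts.next()??, parts.next()??);
    // A lockfile version has exactly three numeric components.
    if parts.next().is_some() { return None; }
    Some(v)
}

/// The advisory DB separates vulnerabilities from informational advisories
/// such as "unmaintained"; the audit treats them differently below.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Kind { Vulnerability, Unmaintained }

pub struct Advisory {
    pub id: &'static str,
    pub package: &'static str,
    pub kind: Kind,
    /// First version no longer affected; None means no fixed version exists.
    pub patched: Option<Version>,
}

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct Finding { pub id: String, pub package: String, pub version: Version, pub kind: Kind }

/// Extract (name, version) pairs from the `[[package]]` tables of a Cargo.lock.
pub fn parse_lockfile(text: &str) -> Vec<(String, Version)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    for line in text.lines().map(str::trim) {
        if line == "[[package]]" {
            name = None;
        } else if let Some(rest) = line.strip_prefix("name = \"") {
            name = Some(rest.trim_end_matches('"').to_string());
        } else if let Some(rest) = line.strip_prefix("version = \"") {
            let parsed = parse_version(rest.trim_end_matches('"'));
            if let (Some(n), Some(v)) = (name.take(), parsed) {
                out.push((n, v));
            }
        }
    }
    out
}

/// A locked package is affected when a matching advisory has no patched
/// version at all, or the locked version is older than the patched one.
pub fn audit(lock: &str, advisories: &[Advisory]) -> Vec<Finding> {
    let mut findings = Vec::new();
    for (name, version) in parse_lockfile(lock) {
        for adv in advisories.iter().filter(|a| a.package == name.as_str()) {
            let affected = adv.patched.as_ref().map_or(true, |p| version < *p);
            if affected {
                findings.push(Finding { id: adv.id.to_string(), package: name.clone(),
                                        version: version.clone(), kind: adv.kind });
            }
        }
    }
    findings
}

/// CI policy chosen for this example: a vulnerability fails the build, an
/// unmaintained notice is reported but does not fail it.
pub fn build_should_fail(findings: &[Finding]) -> bool {
    findings.iter().any(|f| f.kind == Kind::Vulnerability)
}

// Constructed lockfile: a clean crate, a hypothetical vulnerable crate, and
// yaml-rust, which the advisory list below marks as unmaintained.
pub const SAMPLE_LOCK: &str = r#"
[[package]]
name = "demo-app"
version = "0.1.0"
dependencies = ["serde", "widget", "yaml-rust"]

[[package]]
name = "serde"
version = "1.0.200"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "widget"
version = "1.2.0"
source = "registry+https://github.com/rust-lang/crates.io-index"

[[package]]
name = "yaml-rust"
version = "0.4.5"
source = "registry+https://github.com/rust-lang/crates.io-index"
"#;

pub fn sample_advisories() -> Vec<Advisory> {
    vec![
        Advisory { id: "RUSTSEC-XXXX-0001", package: "yaml-rust", kind: Kind::Unmaintained, patched: None },
        Advisory { id: "RUSTSEC-XXXX-0002", package: "widget", kind: Kind::Vulnerability,
                   patched: parse_version("1.3.0") },
    ]
}

fn main() {
    let findings = audit(SAMPLE_LOCK, &sample_advisories());
    for f in &findings {
        println!("{:?}: {} {}.{}.{} ({})", f.kind, f.package, f.version.0, f.version.1, f.version.2, f.id);
    }
    println!("fail build: {}", build_should_fail(&findings));
}
```

The point of the two-kind split is the one the article's framing relies on: an unmaintained dependency is not a vulnerability today, but it has no patched version to upgrade to, so the only remediations are replacing it or accepting the risk explicitly.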
