That does not help you if the bug is one of many unmaintained crates and never n... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		uecker 80 days ago \| parent \| context \| favorite \| on: Rust’s dependencies are starting to worry me That does not help you if the bug is one of many unmaintained crates and never noticed. Linux distributions aim to make sure that C application dynamically link to the right libraries instead of vendoring the code. Then the library can be updated once. IMHO this is the only reasonable approach.

simonask 79 days ago [–]

It's trivial to see on crates.io whether a crate is unmaintained.

uecker 79 days ago | | [–]

Maybe if it is completely unmaintained, but this is not enough to solve the problem and maybe also not really the point.

shwouchk 79 days ago | | [–]

is it trivial to see if a third level dependency is unmaintained?

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact