
That does not help you if the bug is in one of many unmaintained crates and is never noticed. Linux distributions aim to make sure that C applications dynamically link to the right libraries instead of vendoring the code. Then the library can be updated once. IMHO this is the only reasonable approach.


It's trivial to see on crates.io whether a crate is unmaintained.


Maybe if it is completely unmaintained, but this is not enough to solve the problem and maybe also not really the point.


Is it trivial to see if a third-level dependency is unmaintained?
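The question above is about visibility into transitive dependencies. As an added example (not code from this thread, from Cargo or from crates.io), the script below walks the resolved graph that `cargo metadata --format-version 1` emits, computes each package's depth from the root crate, lists the third-level and deeper ones, and cross-references a list of crates flagged as unmaintained, printing the full path that pulls each one in. The metadata sample and the `UNMAINTAINED` table are constructed for the example; the advisory id in it is a placeholder, not a real RustSec entry.

```python
"""Find third-level (and deeper) dependencies in a resolved Cargo graph and
flag any that appear in a list of unmaintained crates.

Input shape follows `cargo metadata --format-version 1`: a "packages" array
(name, version, id) and a "resolve" object whose "nodes" map each package id
to the ids it resolved its dependencies to. Package ids are opaque strings;
the short "name@version" form used here is a simplification for the sample.
"""
import json
from collections import deque

# Constructed sample: app -> serde, app -> rand -> rand_core -> oldcrypto
SAMPLE_METADATA = json.dumps({
    "packages": [
        {"name": "app", "version": "0.1.0", "id": "app@0.1.0"},
        {"name": "serde", "version": "1.0.0", "id": "serde@1.0.0"},
        {"name": "rand", "version": "0.8.0", "id": "rand@0.8.0"},
        {"name": "rand_core", "version": "0.6.0", "id": "rand_core@0.6.0"},
        {"name": "oldcrypto", "version": "0.2.0", "id": "oldcrypto@0.2.0"},
    ],
    "resolve": {
        "root": "app@0.1.0",
        "nodes": [
            {"id": "app@0.1.0", "deps": [
                {"name": "serde", "pkg": "serde@1.0.0"},
                {"name": "rand", "pkg": "rand@0.8.0"}]},
            {"id": "serde@1.0.0", "deps": []},
            {"id": "rand@0.8.0", "deps": [
                {"name": "rand_core", "pkg": "rand_core@0.6.0"}]},
            {"id": "rand_core@0.6.0", "deps": [
                {"name": "oldcrypto", "pkg": "oldcrypto@0.2.0"}]},
            {"id": "oldcrypto@0.2.0", "deps": []},
        ],
    },
})

# Constructed stand-in for "unmaintained" advisories, keyed by crate name.
# In practice this would come from the RustSec database (cargo-audit
# reports its informational "unmaintained" entries as warnings).
UNMAINTAINED = {"oldcrypto": "RUSTSEC-0000-0000 (hypothetical placeholder)"}


def dependency_paths(metadata_json):
    """Return {package_id: shortest path from the root, as a list of ids}.
    BFS guarantees the first time a node is reached is via a shortest path."""
    meta = json.loads(metadata_json)
    resolve = meta["resolve"]
    edges = {n["id"]: [d["pkg"] for d in n["deps"]] for n in resolve["nodes"]}
    root = resolve["root"]
    paths = {root: [root]}
    queue = deque([root])
    while queue:
        cur = queue.popleft()
        for nxt in edges.get(cur, []):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    return paths


def deep_dependencies(metadata_json, min_depth=3):
    """Packages at least `min_depth` hops from the root.
    Depth 1 = direct dependency, 2 = dependency of a dependency, 3 = third level."""
    paths = dependency_paths(metadata_json)
    return {pid: path for pid, path in paths.items() if len(path) - 1 >= min_depth}


def flag_unmaintained(metadata_json, unmaintained=UNMAINTAINED):
    """(crate name, advisory, human-readable path) for every resolved package
    whose name is in `unmaintained`, at any depth."""
    meta = json.loads(metadata_json)
    name_of = {p["id"]: p["name"] for p in meta["packages"]}
    findings = []
    for pid, path in dependency_paths(metadata_json).items():
        name = name_of.get(pid, pid)
        if name in unmaintained:
            readable = " -> ".join(name_of.get(p, p) for p in path)
            findings.append((name, unmaintained[name], readable))
    return findings


if __name__ == "__main__":
    for pid, path in deep_dependencies(SAMPLE_METADATA).items():
        print(f"depth {len(path) - 1}: {pid}")
    for name, advisory, path in flag_unmaintained(SAMPLE_METADATA):
        print(f"UNMAINTAINED {name}: {advisory}\n  pulled in via {path}")
```

To run it against a real project, replace `SAMPLE_METADATA` with the output of `cargo metadata --format-version 1 --locked` (the `--locked` flag keeps the graph identical to `Cargo.lock`). The depth calculation is the part `cargo tree` already gives you visually; the cross-reference is what `cargo audit` does against the RustSec database, and its unmaintained entries are informational warnings, so a CI job that only fails on vulnerabilities will not surface them unless configured to.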



