by richardwhiuk 1887 days ago
Yanking releases which have bugs / vulnerabilities in them is very much not the norm in the Rust community.

This is why projects like https://github.com/RustSec exist.

1 comments

I don't know about that, crates that RustSec has advisories for are often yanked, in my experience.

Bugs? No. Security bugs? Yes.

Sure, it's quite possible that not every single one ever is. One single version of one single library not being yanked doesn't mean that nobody ever does it.