Y
Hacker News
new
|
ask
|
show
|
jobs
by
GrumpySloth
843 days ago
Version numbers. You can’t modify an already-published version of a Rust crate on crates.io.
1 comments
palata
842 days ago
Who in practice pins their dependencies (transitive included) on audited versions?
link
rockdoe
842 days ago
Small companies with little development experience like Google and Mozilla.
(You can check the files I linked and see audits between deltas for minor version updates)
link
palata
842 days ago
I guess my point was: "because [some teams at] Google/Mozilla do it right does not mean that everybody does it right".
link