|
|
|
|
|
|
by steveklabnik
606 days ago
|
|
|
There was at least one in the first year after 1.0, we had warnings on for like nine months and then finally broke the code later. That I only remember such things vaguely and not in a “oh yeah here’s the last ten times this happened and here’s the specifics” speaks to how often it happens, which is not often. Lots of times soundness fixes are found by people looking for them, not for code in the wild. Fixing cve-rs will mean a “breaking” change in the literal sense that that code will no longer compile, but outside of that example, no known code in the wild triggers that bug, so nobody will notice the breakage. |
|
|