|
|
|
|
|
|
by LtWorf
541 days ago
|
|
|
Probably most of these tiny crates have 1 or 0 maintainers. Chances are that they will not be quick to fix a vulnerability. And even if they are, for rust software that doesn't come from debian, there is no way to ensure it all gets rebuilt and updated with the fix. Also, projects are generally slow (taking several months) to accept patches. When a distribution has fixed something and the users notice no issue, the upstream project if downloaded and compiled would be a different matter entirely. |
|
|