by uecker 404 days ago
That does not help you if the bug is in one of many unmaintained crates and is never noticed. Linux distributions aim to make sure that C applications dynamically link to the right libraries instead of vendoring the code. Then the library can be updated once. IMHO this is the only reasonable approach.

It's trivial to see on crates.io whether a crate is unmaintained.
Maybe if it is completely unmaintained, but this is not enough to solve the problem and maybe also not really the point.
Is it trivial to see if a third-level dependency is unmaintained?
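An added example (not from any commenter in the thread) of what answering that question actually takes. Cargo.lock records the full resolved graph, so the depth of every crate and the chain that pulled it in can be computed locally; what the lockfile does not record is whether anyone still maintains the crate, so that signal has to come from the registry. The lockfile below is constructed with fictional crate names, and the publish dates are a constructed stand-in for the per-crate metadata crates.io serves; the minimal lockfile reader assumes the usual generated layout (one dependency per line, `name` before `dependencies`).

```python
"""Rank a Cargo.lock's transitive dependencies by depth and staleness."""
from collections import deque
from datetime import date
import re

# Constructed sample Cargo.lock (v3 layout); crate names are fictional.
# "bidi-tables 0.1.4" shows the "name version" form Cargo uses when
# several versions of one crate are locked.
SAMPLE_LOCK = """\
version = 3

[[package]]
name = "app"
version = "0.1.0"
dependencies = [
 "httpc",
 "tomlmini",
]

[[package]]
name = "bidi-tables"
version = "0.1.4"

[[package]]
name = "httpc"
version = "0.9.2"
dependencies = [
 "urlsplit",
]

[[package]]
name = "punyhelper"
version = "0.2.1"
dependencies = [
 "bidi-tables 0.1.4",
]

[[package]]
name = "tomlmini"
version = "0.4.7"

[[package]]
name = "urlsplit"
version = "3.0.1"
dependencies = [
 "punyhelper",
]
"""

# Constructed "last publish" dates: a stand-in for registry metadata,
# which the lockfile itself never carries.
LAST_PUBLISHED = {
    "httpc": "2024-04-10", "urlsplit": "2022-09-15", "tomlmini": "2020-03-03",
    "punyhelper": "2019-07-30", "bidi-tables": "2018-12-01",
}


def parse_cargo_lock(text):
    """Map each [[package]] name to the crate names it depends on.
    Only the name is kept from a "name" or "name version" entry."""
    graph, current, in_deps = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if in_deps:
            if line == "]":
                in_deps = False
            elif line:
                graph[current].append(line.rstrip(",").strip('"').split()[0])
            continue
        m = re.fullmatch(r'name = "([^"]+)"', line)
        if m:
            current = m.group(1)
            graph.setdefault(current, [])
        elif line == "dependencies = [" and current:
            in_deps = True
    return graph


def find_roots(graph):
    """Packages nothing else depends on: the workspace members."""
    depended = {d for deps in graph.values() for d in deps}
    return sorted(n for n in graph if n not in depended)


def dependency_depths(graph, root):
    """BFS from root: {crate: (depth, parent)} along the shortest chain."""
    info, queue = {root: (0, None)}, deque([root])
    while queue:
        node = queue.popleft()
        for dep in graph.get(node, []):
            if dep not in info:
                info[dep] = (info[node][0] + 1, node)
                queue.append(dep)
    return info


def pull_chain(info, crate):
    """Root-to-crate path, i.e. who pulled this crate in."""
    chain = []
    while crate is not None:
        chain.append(crate)
        crate = info[crate][1]
    return chain[::-1]


def stale_transitive(graph, root, last_published, today, min_depth=3, max_age_days=730):
    """Crates at least min_depth hops from root whose last publish is older
    than max_age_days or unknown. Returns (crate, depth, chain, age_days)."""
    now, info, rows = date.fromisoformat(today), dependency_depths(graph, root), []
    for crate, (depth, _) in info.items():
        if depth < min_depth:
            continue
        published = last_published.get(crate)
        age = (now - date.fromisoformat(published)).days if published else None
        if age is None or age > max_age_days:
            rows.append((crate, depth, " -> ".join(pull_chain(info, crate)), age))
    return sorted(rows, key=lambda r: (r[1], r[0]))


if __name__ == "__main__":
    g = parse_cargo_lock(SAMPLE_LOCK)
    (root,) = find_roots(g)
    for crate, depth, chain, age in stale_transitive(g, root, LAST_PUBLISHED, "2024-06-01"):
        print(f"depth {depth}: {crate} (last publish {age} days ago) via {chain}")
```

Run against a real project, the lockfile side needs no change (`cargo metadata` gives the same graph with more detail); the `LAST_PUBLISHED` map is where a per-crate registry lookup would go, and a crate missing from it is reported rather than silently skipped.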