this post was submitted on 27 Mar 2024
58 points (100.0% liked)

Rust

111 readers
3 users here now

Welcome to the Rust community! This is a place to discuss about the Rust programming language.

Wormhole

!performance@programming.dev

Credits

  • The icon is a modified version of the official rust logo (changing the colors to a gradient and black background)

founded 1 year ago
MODERATORS
top 7 comments
sorted by: hot top controversial new old
[–] Deebster@programming.dev 18 points 7 months ago (1 children)

This is a great little piece, although relevant to developing generally, not just Rust.

Who won? I think nobody really.

Good summary.

load more comments (1 replies)
[–] MalReynolds@slrpnk.net 9 points 7 months ago (2 children)

TIL rust has some sort of ratings for libraries/dependency code. Cool! Is that intrinsic in some way?

Speaking as a C/C++/python (and others) coder if that’s relevant, that’s been looking at Rust for a while…

[–] Ephera@lemmy.ml 8 points 7 months ago

I'm not sure, what they mean with those ratings, to be honest.

This whole article is about the yaml-rust library having been marked as unmaintained in the RUSTSEC advisory database: https://rustsec.org/packages/yaml-rust.html

RUSTSEC is not intrinsic to the language, but it's maintained by the Rust Foundation and there's some really solid tooling, which can tell you in the blink of an eye that one of your dependencies is insecure.

Well, and then there's some unofficial projects which curate libraries, like https://awesome-rust.com and https://lib.rs (the latter also serves as an alternative frontend for the official package registry https://crates.io ).

[–] lysdexic@programming.dev 2 points 7 months ago* (last edited 7 months ago)

TIL rust has some sort of ratings for libraries/dependency code.

A random guy going through the trouble of putting together a site to subjectively rate other people's work is hardly something that's language-specific.

I'd wager that adding a single tag/field to represent the programming language is all it takes to make the system universal.

Also, that's not even language-specific. It's package-centric.

I get it, joining bandwagons is fun. That's not a substitute for thinking things through, though.

By the way, npm even supports package auditing, warnings, and autopromoting packages and its dependencies. You don't hear people constantly parroting switching projects to Node.js over this, though.

[–] d_k_bo@feddit.de 5 points 7 months ago

I think why really need a way to transfer ownership of crate names if the original owner is completely unresponsive. The Python ecosystem has a process for this.

[–] korstmos@kbin.social 3 points 7 months ago

Moooom, theyre treating the metric again!

[–] Kissaki@programming.dev 3 points 7 months ago

tl;dr: They merged the code of an unmaintained dependency into their project.

I don't think I can take anything else away from it.