Comments (9)
I was mostly saying that it seems odd to call them "maintainers" if they are not maintaining it. Maybe "former maintainers" or so?
from advisory-db.
Just as an added thought, I think the `unmaintained.toml`, especially when filed by a crate owner, could include some interesting other metadata, like:
Crate `x` is unmaintained: the maintainer suggests using crates `y` or `z`
So even in cases where it doesn't help recruit a new maintainer, it can at least provide people pointers about what they should use instead.
from advisory-db.
@RalfJung It happens: https://github.com/BurntSushi/chan#this-crate-has-reached-its-end-of-life-and-is-now-deprecated --- Although perhaps you might still consider that maintained since I put the message there.
from advisory-db.
If we ship such a feature, here's a crate we should track:
https://twitter.com/passcod/status/1168188637361725442
from advisory-db.
I believe `rustcrypto` crate was also unmaintained but impossible to take down for a good while.
from advisory-db.
Crate `x` is unmaintained: the maintainer suggests
So it's not maintained but there is a maintainer suggesting something? That sounds funny. ;)
from advisory-db.
See also this recent thread on MP3 crates:
https://rust-audio.discourse.group/t/opportunity-mp3-crate/122/6?u=tarcieri
In it there are authors both willing to transfer ownership of their crates, and also suggesting alternative crates, so I've definitely seen it happen "in the wild".
from advisory-db.
Are you already using the

```toml
[badges]
maintenance = { status = "..." }
```

metadata that can be present in the Cargo.toml? Would it be beneficial to pitch for extra optional keys for that in the case that `status = "deprecated"`?
from advisory-db.
@porglezomp no, but that's a good point.
After some discussion on this issue, I got to thinking that perhaps a good feature to add is an "informational advisory" which can warn for certain crate revisions, but doesn't fail the audit:
We could have various categories of informational advisories, and one of them could be "looking for maintainer"
This would allow us to reuse the same advisory format rather than adding a bespoke new one.
from advisory-db.
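
A sketch of the "informational advisory" idea from the last comment, combined with the alternative-crate pointers suggested earlier in the thread. This is an added example, not advisory-db or cargo-audit code: all type, field and id names are hypothetical, and affected revisions are matched as exact version strings.

```rust
// Hypothetical model of the proposal; all names are assumptions, not the advisory-db schema.
#[derive(Debug, Clone, Copy, PartialEq)]
enum Informational { LookingForMaintainer, Unmaintained }
struct Advisory {
    id: &'static str,
    krate: &'static str,
    affected: &'static [&'static str],     // exact affected versions, to stay dependency-free
    informational: Option<Informational>,  // None = a vulnerability that fails the audit
    alternatives: &'static [&'static str], // crates the maintainer suggests instead
}
#[derive(Default)]
struct Report { failures: Vec<String>, warnings: Vec<String> }
impl Report {
    fn exit_code(&self) -> i32 { if self.failures.is_empty() { 0 } else { 1 } } // warnings never fail
}

fn audit(deps: &[(&str, &str)], db: &[Advisory]) -> Report {
    let mut report = Report::default();
    for &(name, version) in deps {
        for adv in db.iter().filter(|a| a.krate == name && a.affected.iter().any(|v| *v == version)) {
            match adv.informational {
                None => report.failures.push(format!("{} {} {}", adv.id, name, version)),
                Some(kind) => {
                    let mut msg = format!("{} {} {} ({:?})", adv.id, name, version, kind);
                    if !adv.alternatives.is_empty() {
                        msg += &format!("; maintainer suggests {}", adv.alternatives.join(" or "));
                    }
                    report.warnings.push(msg);
                }
            }
        }
    }
    report
}

// Constructed sample database: placeholder ids and crate names, not real advisories.
fn sample_db() -> Vec<Advisory> {
    vec![
        Advisory { id: "EXAMPLE-0001", krate: "x", affected: &["1.0.0", "1.0.1"], informational: Some(Informational::LookingForMaintainer), alternatives: &["y", "z"] },
        Advisory { id: "EXAMPLE-0002", krate: "w", affected: &["0.3.0"], informational: None, alternatives: &[] },
        Advisory { id: "EXAMPLE-0003", krate: "v", affected: &["2.0.0"], informational: Some(Informational::Unmaintained), alternatives: &[] },
    ]
}

fn main() {
    let report = audit(&[("x", "1.0.1"), ("w", "0.4.0")], &sample_db());
    for w in &report.warnings { eprintln!("warning: {w}"); }
    std::process::exit(report.exit_code());
}
```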