Hacker News new | past | comments | ask | show | jobs | submit login

Yanking releases which have bugs / vulnerabilities in them is very much not the norm in the Rust community.

This is why projects like https://github.com/RustSec exist.




I don't know about that, crates that RustSec has advisories for are often yanked, in my experience.

Bugs? No. Security bugs? Yes.


Hyper 0.11.26 - https://crates.io/crates/hyper/0.11.26

Not yanked.

Vulnerable to https://github.com/RustSec/advisory-db/blob/main/crates/hype...


Sure, it's quite possible that not every single one ever is. One single version of one single library not being yanked doesn't mean that nobody ever does it.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: