This isn’t really unexpected if people don’t pin their dependencies. It is surprising that so many people were affected though, hopefully it’ll make them change their habits
. A cheaper lesson than if it was a compromised package.
-
-
-
One reason to NOT pin dependencies: older versions may become incompatible with new versions of the compiler. Also, multiple versions of the same crate can’t safely coexist. A dependency requiring old dependencies is very annoying.
End of conversation
New conversation -
-
-
Rust ecosystem seems not very stable, cause i know they only have a nightly version
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.