A new release of a dependency just broke half the Rust ecosystem https://github.com/kentfredric/quote/commit/e73264276e0536a95fb50e60506e7614dce587ed …https://github.com/rust-lang-nursery/failure/issues/342 …
Replying to @jedisct1
This isn’t really unexpected if people don’t pin their dependencies. It is surprising that so many people were affected though, hopefully it’ll make them change their habits. A cheaper lesson than if it was a compromised package.
Replying to @yowgi
One reason to NOT pin dependencies: older versions may become incompatible with new versions of the compiler. Also, multiple versions of the same crate can’t safely coexist. A dependency requiring old dependencies is very annoying.
4:48 PM - 5 Mar 2020
from Saint-Mandé, France