Re: rust - volunteers sought...

To: Havard Eidnes <he%NetBSD.org@localhost>
Subject: Re: rust - volunteers sought...
From: Greg Troxel <gdt%lexort.com@localhost>
Date: Thu, 16 May 2024 08:45:07 -0400

Havard Eidnes <he%NetBSD.org@localhost> writes:

> If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
> from a recent CVE disclosure which turned out to be a security
> issue only on Windows, ref. CVE-2024-24576.

I think in general it's wrong for a program to insist on security-fixed
dependencies.

> That had however the effect of several program maintainers
> installing "you must use a rust version without this CVE" into
> their setups.

That seems easy enough to patch out, as a bug.

References:
- Re: rust - volunteers sought...
  - From: Greg Troxel
- Re: rust - volunteers sought...
  - From: pin
- Re: rust - volunteers sought...
  - From: Greg Troxel
- Re: rust - volunteers sought...
  - From: Havard Eidnes

Prev by Date: Re: rust - volunteers sought...
Next by Date: Re: rust - volunteers sought...
Previous by Thread: Re: rust - volunteers sought...
Next by Thread: Re: rust - volunteers sought...
Indexes:

Home | Main Index | Thread Index | Old Index