smallcircles (Humane Tech Now) on Nostr: To vendor or to fork? That is the question. Since #Rust Crates.io started giving ...
To vendor or to fork? That is the question.
Since #Rust Crates.io started giving #RUSTSEC warnings on the unmaintained status of the #yaml-rust library, there's a bit of a panic, not least because 1,000s of crates depend on it.
This article by the maintainer of the Insta snapshot testing tool gives a nice analogy to Collateralized Debt Obligations (CDOs) with considerations on whether you should fork or might vendor the lib.
https://lucumr.pocoo.org/2024/3/26/rust-cdo/
https://github.com/chyh1990/yaml-rust/issues/197