Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Maintenance Status #2

Closed
asomers opened this issue May 26, 2024 · 5 comments
Closed

Maintenance Status #2

asomers opened this issue May 26, 2024 · 5 comments

Comments

@asomers
Copy link

asomers commented May 26, 2024

This crate hasn't been touched for 8 years, and there are a few obvious problems:

  • It depends on an outdated version of itertools and arrayvec.
  • The published package on crates.io does not match the source code on Github. It seems that at least one git commit never got pushed to Github.
  • Its dev-dependency on quickcheck-macros is so old that it won't even compile with a modern toolchain
  • Its dependency on num relies on unstable library features and will stop compiling with future toolchains. See Tracking issue for future-incompatibility lint soft_unstable rust-lang/rust#64266 .

Does the author ever intend to fix these problems? If not, I suggest it's time to file a RUSTSEC issue for an abandoned crate and fork this one.
@tbu-
Copy link
Owner

tbu- commented May 26, 2024

Your issue seems quite hostile. Is it common to threaten crates with RUSTSEC issues? Does RUSTSEC know of its weaponization?

@asomers
Copy link
Author

asomers commented May 26, 2024

Sorry @tbu- , I didn't mean for it to come across that way. But this isn't an uncommon use of RUSTSEC; that's why they have a whole category for "unmaintained". BTW, do you intend to pick this crate up again?

@tbu-
Copy link
Owner

tbu- commented May 27, 2024

BTW, do you intend to pick this crate up again?

I do intend to fix issues if they're reported. A crate not needing updates is a good thing, not a bad one.

  • It depends on an outdated version of itertools and arrayvec.

I assume that causes some problem for you? Can you describe why it's bad for you that it does that?

  • The published package on crates.io does not match the source code on Github. It seems that at least one git commit never got pushed to Github.

Yea, that's bad. Fixed it yesterday.

  • Its dev-dependency on quickcheck-macros is so old that it won't even compile with a modern toolchain

  • Its dependency on num relies on unstable library features and will stop compiling with future toolchains. See

Those are just dev-dependencies and shouldn't impact users of the crate. It's still annoying for developers, so should get fixed.

@asomers
Copy link
Author

asomers commented May 27, 2024

  • It depends on an outdated version of itertools and arrayvec

It means that downstream projects which already depend on one or both of those crates may end up building two versions, increasing build times and binary sizes.

@tbu-
Copy link
Owner

tbu- commented May 27, 2024

I removed the itertools and num dependency and upgraded the quickcheck dependency. The only thing remaining is arrayvec, which is not completely trivial: #3.

@tbu- tbu- closed this as completed May 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@asomers @tbu-