pkgsrc-Users archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: rust - volunteers sought...
Havard Eidnes <he%NetBSD.org@localhost> writes:
> If I'm not terribly mistaken, the "insist on rust >= 1.77.2" came
> from a recent CVE disclosure which turned out to be a security
> issue only on Windows, ref. CVE-2024-24576.
I think in general it's wrong for a program to insist on security-fixed
dependencies.
> That had however the effect of several program maintainers
> installing "you must use a rust version without this CVE" into
> their setups.
That seems easy enough to patch out, as a bug.
Home |
Main Index |
Thread Index |
Old Index