Many discussions about open source dependencies and maintenance happened in the last month. Two posts caught my eye in the Rust ecosystem: "Sudo-rs dependencies: when less is better", about the Rust rewrite of sudo trimming its dependency graph, and "On Tech Debt: My Rust Library is now a CDO", about a Rust package being flagged as unmaintained, triggering complaints across downstream projects failing CI. And by now, you’ve likely heard about the backdoor in the xz-utils compression project.
Interesting read. Thanks. The article mentions this https://research.swtch.com/nih which is worth reading as well.
https://www.devever.net/~hl/bootstrapping-exam