Paste is dead, long live Pastey #4118
Conversation
The crate paste is no longer maintained, and has a replacement. On that basis only my IDE is reporting "paste" as a security hazard. "pastey is the fork of paste and is aimed to be a drop-in replacement with additional features for paste crate" <https://crates.io/crates/pastey>
|
For review purposes, I want to bring a potential critisism of this patch to the fore. "paste" has a really high volume of daily downlaods ~500,000 and I expect a steady fall from here on. "pastey" is ramping up quickly but is currently peak is only lowly 3,000 daily downloads. If a serious security problem becomes unveiled in "paste" the stock answer will always be move to "pastey" we will fix it there.. My question is "what is the resonable response if a new security flaw appears in the 'pastey' crate" ... the low volume of daily downloads means the community is far less likley to see it, report it. Anyway, I just thought I should mention the hazard. |
|
See discussion in #3685 |
|
From the discussion mentioned
A resonable attitude ... |
The crate paste is no longer maintained, and has a replacement. On that basis only my IDE is reporting "paste" as a security hazard.
"pastey is the fork of paste and is aimed to be a drop-in replacement with additional features for paste crate" https://crates.io/crates/pastey