On Tech Debt: My Rust Library is now a CDO (lucumr.pocoo.org)
from thomask@lemmy.sdf.org to rust@programming.dev on 27 Mar 00:35
https://lemmy.sdf.org/post/14406111

#rust

threaded - newest

xantoxis@lemmy.world on 27 Mar 01:07 next collapse

Well written, I enjoyed this.

Deebster@programming.dev on 27 Mar 01:59 next collapse

This is a great little piece, although relevant to developing generally, not just Rust.

Who won? I think nobody really.

Good summary.

[deleted] on 27 Mar 06:22 collapse
.
MalReynolds@slrpnk.net on 27 Mar 06:22 next collapse

TIL rust has some sort of ratings for libraries/dependency code. Cool! Is that intrinsic in some way?

Speaking as a C/C++/python (and others) coder if that’s relevant, that’s been looking at Rust for a while…

lysdexic@programming.dev on 27 Mar 06:35 next collapse

TIL rust has some sort of ratings for libraries/dependency code.

A random guy going through the trouble of putting together a site to subjectively rate other people’s work is hardly something that’s language-specific.

I’d wager that adding a single tag/field to represent the programming language is all it takes to make the system universal.

Also, that’s not even language-specific. It’s package-centric.

I get it, joining bandwagons is fun. That’s not a substitute for thinking things through, though.

By the way, npm even supports package auditing, warnings, and autopromoting packages and its dependencies. You don’t hear people constantly parroting switching projects to Node.js over this, though.

Ephera@lemmy.ml on 27 Mar 07:07 collapse

I’m not sure, what they mean with those ratings, to be honest.

This whole article is about the yaml-rust library having been marked as unmaintained in the RUSTSEC advisory database: rustsec.org/packages/yaml-rust.html

RUSTSEC is not intrinsic to the language, but it’s maintained by the Rust Foundation and there’s some really solid tooling, which can tell you in the blink of an eye that one of your dependencies is insecure.

Well, and then there’s some unofficial projects which curate libraries, like awesome-rust.com and lib.rs (the latter also serves as an alternative frontend for the official package registry crates.io ).

eager_eagle@lemmy.world on 27 Mar 07:09 next collapse

I hate it when TLAs are not explained

https://www.investopedia.com/terms/c/cdo.asp

hollyberries@programming.dev on 27 Mar 13:58 collapse

From TFA (the fine article):

As for the title: a CDO is a financial instrument that became pretty infamous during the financial crisis of 2007. An entertaining explanation of that can be found in “The Big Short”.

Its the last sentence of the article as a footnote with a wikipedia link to a page about CDO.

eager_eagle@lemmy.world on 27 Mar 14:00 collapse

and it doesn’t explain what the acronym stands for, or what it’s for

BatmanAoD@programming.dev on 27 Mar 14:06 next collapse

Uh, neither did you? Both explanations mostly just provide links.

[deleted] on 27 Mar 14:28 next collapse
.
eager_eagle@lemmy.world on 27 Mar 14:31 collapse

well, I didn’t write the article

If you’re using an obscure acronym in your title, it deserves more than just a link in a footnote imo, but whatever

BatmanAoD@programming.dev on 27 Mar 18:16 collapse

That’s fair.

RustyShackleford@programming.dev on 28 Mar 09:27 collapse

Credit Default Obligation?

d_k_bo@feddit.de on 27 Mar 07:24 next collapse

I think why really need a way to transfer ownership of crate names if the original owner is completely unresponsive. The Python ecosystem has a process for this.

korstmos@kbin.social on 27 Mar 07:54 next collapse

Moooom, theyre treating the metric again!

Kissaki@programming.dev on 29 Mar 05:37 collapse

tl;dr: They merged the code of an unmaintained dependency into their project.

I don’t think I can take anything else away from it.