0 points
meragrin_
2y ago
So what in there guarantees I can get the same thing they audited?
3 comments · 1 top-level
GrumpySloth
2y ago
Version numbers. You can’t modify an already-published version of a Rust crate on crates.io.
palata
2y ago
Who in practice pins their dependencies (transitive included) on audited versions?
rockdoe
2y ago
Small companies with little development experience like Google and Mozilla.
(You can check the files I linked and see audits between deltas for minor version updates)