rustsec / advisory-db

Security advisory database for Rust crates published through crates.io
https://rustsec.org

mime seems to be unmaintained #1482

Closed djc closed 1 year ago

djc commented 1 year ago

Sean confirmed as much in https://github.com/hyperium/hyper/issues/2632:

> It's not really maintained, no. I started a rewrite, after realizing the enum version had problems. And then a different rewrite since the current version has other problems, and ended up getting discouraged and busy with other stuff, so it's in a state of who knows what.

@seanmonstar how do you feel about putting out an unmaintained advisory? Could point people to the mediatype crate.

seanmonstar commented 1 year ago

I mean, it still works. Any big bugs could be shipped. It's just not active at the moment. Wouldn't an advisory cause a lot of warnings for people?

tarcieri commented 1 year ago

@seanmonstar if you'd prefer we don't file an advisory, we won't

Shnatsel commented 1 year ago

> Wouldn't an advisory cause a lot of warnings for people?

Indeed it would. Generally we only file advisories when all maintainers are unreachable and are unable to transfer ownership and/or have explicitly specified that no updates are forthcoming. You can see the policy for more details (and please let me know if it's not specific enough).

The motivation is to advise people to migrate away from crates that will not be able to ship fixes for major security issues. Since this is not the case here, I don't see the grounds for an advisory.