New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
maint status of crate? #650
Comments
Under the github organization that owns this repo I only see one user in the public members: https://github.com/orgs/chronotope/people There is a comment here from that maintainer from 14 days ago. I'm not sure that can be called unmaintained or "mantainer MIA"/"not seen maintainers responding to people". That PR is made/sent by that same maintainer. |
from your linked issue. doesnt matter if they try if owner doesnt ok it then its pointless |
Milo123459 seems to have merge rights. See this PR which was merged by them #568 |
We have a request for the @rustsec project to file an unmaintained crate advisory for Speaking as one of the RustSec maintainers, I am somewhat reluctant to do this, particularly as It would be great to get some input from any current My personal view looking at some of the recent history of the project and some of the issues/PRs surfaced in this thread is that there are some active contributors but overall work appears to be stalled. Is that a fair assessment? |
I have been given access to GitHub and crates.io by the previous primary maintainer on Feb 27. I haven't had a ton of time to spend on the crate (particularly on the goal of publishing a version that fixes RUSTSEC-2020-0159, of course), but with the other active maintainer @Milo123459 we've managed to merge three PRs over the past three days, some of them fairly substantial. I think activity will increase from here, although, because chrono is so widely-used, I want to be careful about publishing a new release, so that may take some time. As such, while activity on this crate has definitely been very minimal over the past 6 months or so, I don't think it makes sense to publish an unmaintained crate advisory at this point. |
(Also, given that RUSTSEC-2020-0159 remains relevant there is already some signal in the advisory DB about an ongoing lack of maintenance.) |
Thanks for the update. I've gone ahead and closed the @rustsec issue. |
I'm going to close this issue for now, feel free to open new issues or comment in other ones with specific questions. |
this is high profile crate no release since 2020 and no commits for months now. not seen maintainers responding to people and lots reporting security issues with this crate. issues list is almost 200 now and almost 50 prs not getting address.
can please confirm status of this crate and if bugs/security will be fixed soon? reports for sec issue go back a year at least!
@quodlibetor
The text was updated successfully, but these errors were encountered: