From the perspective of a library author even evaluating if a given bug could be considered a vulnerability is extra effort that is not strictly useful to the project itself, just to those using it who want to not apply every single update.

I would say this very issue is at the core of the current CVE discussions that leads more and more projects to become their own CNAs.

Security people and corporate downstream consumers of security feeds want to invest the minimum of effort while pushing as much of the evaluation what is and isn’t a vulnerability on the authors of library authors as possible. However, this does not work. A vulnerability can only ever truly be evaluated by investing significant amounts of effort in the abstract way that is required to do it in an upstream project. On the other hand, at point of use it is often trivial to discard the possibility of an exploit because the potentially vulnerable code is not even used by the project using the library that contains the code.

Funnily enough the same is true for languages that have huge standard libraries. They put anything that is convenient to solve their immediate problem in there. That is how languages like Python end up with multiple of just about everything complicated in there.

As a sysadmin I have sadly encountered too many situations where a programmer thought “oh, this will never happen” to agree with you that a code construct that provides no information to the user should be used in such cases.

No, I actually meant it as in the traditional meaning of literally. As in

[lints.clippy]
unwrap_used = "warn"
expect_used = "warn"

along with a pre-commit hook that does

cargo clippy -D warnings

(deny warnings).

There are always better ways to write an unwrap, usually via pattern matching and handling the error cases properly, at the very least logging them.

There are a few very questionable things in there. Unwrap should literally never appear in production code so if your code base uses it so often that you want a short-hand syntax for it that calls into doubt everything else you wrote.

Der Wartungsaufwand um Python-Code zu installieren und auf neue Versionen hoch zu ziehen ist deutlich höher als bei Rust, einerseits für die Entwickler aber auch für die Admins.

, it’s there to efficiently move as many people as possible, as safely as possible.

So you are saying you are in favor of banning cars from the street too then?

I am certainly less invested in huge budget games than ever. Maybe developers need to consider the kind of games they are making in a bit more detail than just by platform.

Also to advocate for a specific tab size while also advocating for hard tabs is nonsense. The one flimsy claim to usefulness tabs have is that different people can use different tab sizes and all at the low, low cost of everyone having five times more work to use tabs for indentations and spaces for alignment and thus having to use visual whitespace of some kind.

What is it with all kinds of companies building https://haveibeenpwned.com/ clones into their products lately?

Some sort of marketing bullshit generator I assume by the text of the post?

Not sure why but feddit.de was broken with themed errors for a day or more and now just shows a white page with Server error for the last 2-3 days. Even status.feddit.de just results in a timeout.

I saw a user profile earlier that said

“There is nothing worse than having a Cranberries song stuck in your head, in your heeeeeeead…”