11:02:36 
 a6fe- 
 From: sjr@debian.org 
  
 Hi, 
  
 On 11/4/25 7:32 PM, Adrian Bunk wrote: 
  
 > The main selling point of Rust is that it avoids some classes of 
 > vulnerabilities at the language level, but we are not setup to 
 > automatically detect and handle it when published CVEs might 
 > affect Rust programs like sqv. 
  
 I think we need to create infrastructure for that anyway -- there's lots 
 of C++ programs with similarly sloppy dependency management now, 
 especially anything using dear imgui and shipping twenty copies of stb 
 -- in that ecosystem it is completely normal to ship a library as source 
 code that needs to be compiled with a configuration header on the 
 include path, and Rust code is refreshingly sensible compared to that. 
  
     Simon 
  
 --- SoupGate-Win32 v1.05 
  * Origin: you cannot sedate... all the things you hate (1:229/2)