this post was submitted on 16 Mar 2024
20 points (91.7% liked)

Rust Programming

8168 readers
1 users here now

founded 5 years ago
MODERATORS
 

When I install some Linux app from, let's say GitHub, I can feel how long without updates means the project is not maintained.
For example last commit being 5 years ago for GTK app is a long time and this is considered an abandoned repo. For super simple things like cowsay it's not that simple but still I can feel it.

How is that with crates with Rust? I see a lot of parsers or web libraries that are not updated for a year, two years, three years... How old is too old?
Also, many of them have a version 0.x.x, so can I even consider them stable?

top 5 comments
sorted by: hot top controversial new old
[–] [email protected] 25 points 8 months ago (1 children)

It all depends on how "finished" the project is, and how much it has to track a moving ecosystem.

There's a lot of crates that you can probably write once and be done with it. Like, a unit converter that's not been updated since the first version of Rust is probably still just fine to use. A meter and a feet won't change length anytime soon.

Even a GTK app that's not been updated in 5 years that might not be a problem at all as long as it compiles. Windows is full of apps that were written 30 years ago and are still shipped basically unchanged. The calculator and notepad were two examples until Windows 10/11.

Another example: an FTP library or client. It's basically a dead protocol at this point, so even if it's not been updated in years, it's likely fine and there's not much to improve on.

It really depends on what it does and how much the rest of the world around it is changing and how complete the code is already.

[–] [email protected] 6 points 8 months ago

This hits the nail on the head.

Some crates, especially things like data structures, are just "finished" at some point.

Then again, if those kinds of crates have deps, the deps should be updated semi regularly.

Its good to use cargo-audit to find indirect security/safety issues.

[–] [email protected] 10 points 8 months ago

If it doesn't work anymore then it's too old

[–] [email protected] 9 points 8 months ago

You can always reach out to the maintainers to see. Some of them might have behind the scenes work going on, others might consider the crate complete if it’s already hit 1.0.0.

I don’t think you’ll find a one size fits all answer here, it depends the crate.

[–] [email protected] 6 points 8 months ago

I like to look at Issues and Pull Requests on Github if a crate wasn't updated for multiple years. If there are already problems like unsoundness, deprecation, or breaking bugs mentioned with no reaction shown by the maintainer, that is a good sign to look elsewhere instead. If everything seems fine and the crate isn't very complex or security-critical, it is probably not an issue.