chrono | gitlab |
---|---|
23 | 448 |
3,141 | - |
1.8% | - |
9.6 | - |
11 days ago | - |
Rust | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
chrono
- The Unix leap second mess
-
Getaddrinfo() on glibc calls getenv(), oh boy
The problem is that this affects higher languages too, because they often build on libc. And on some OSes, they don't have a choice, because the system call interface is unstable and/or undocumented.
For example in Rust, multiple time libraries were found to be unsound if `std::env::set_env` was ever called from a multi-threaded program. See:
https://github.com/time-rs/time/issues/293 and https://github.com/chronotope/chrono/issues/499
https://github.com/rust-lang/rust/issues/27970
https://github.com/rust-lang/rust/issues/90308
- Choosing the Right Rust Web Framework: An Overview
-
ZeroVer: 0-Based Versioning
> I think library authors should be more relentless and break compatibility every few years. We just need some conventions to not do so very often.
I indeed did this years ago---I'm the original author of Chrono [1]---and it wasn't well received [2] [3] [4]. To be fair, I knew it was a clear violation of semantic versioning but I didn't see any point of obeying that until we've reached 1.0 so I went ahead. People complained a lot and I had to yank the problematic release. By then I realized enough people religiously expect semantic versioning (for good reasons though) and it's wiser to avoid useless conflict.
[1] https://github.com/chronotope/chrono
[2] https://github.com/chronotope/chrono/issues/146#issuecomment...
[3] https://github.com/chronotope/chrono/issues/156
[4] https://github.com/chronotope/chrono/blob/main/CHANGELOG.md#...
-
Simple, fast and safety alternative for unzip
On that note, it would also be good to configure cargo-deny so that a CI pipeline and any maintainer can easily audit the current dependency versions. Sometimes CVEs require a new major semver (looking at you, time 0.1.x and thus chrono 0.4.x), so it's not enough to rely on people installing the tool with semver-compatible updates. Automatically auditing dependencies is really important, and given how easy cargo-deny makes it, I don't think many projects have any excuse not to configure it.
-
Is it unidiomatic/anti-pattern to use the return keyword ?
The example has been randomly taken from the [Chrono](https://github.com/chronotope/chrono/blob/main/src/offset/utc.rs) crate.
-
Will Rust drop dependency on libc and make direct system calls? when ? (Please don't mention no_std case)
libc isn't "just a wrapper". It is a massive legacy codebase filled with hacks, UBs and bugs: https://github.com/chronotope/chrono/issues/499
- chrono 0.4.20 has been released, fixing the RUSTSEC-2020-0159 issue
-
chrono 0.4.20-rc.1 has just been released!!
Would love to have people test this, you can leave feedback here: https://github.com/chronotope/chrono/issues/674.
-
Trying to learn about chrono, Duration, etc...
Security issues? I'm looking at the open issues, but haven't noticed any that seem to be security related (no security related labels either). What am I missing here?
gitlab
-
Gitlab Duo
Since the relevant code appears to be in the "ee" directory <https://gitlab.com/gitlab-org/gitlab/-/blob/v16.11.0-ee/ee/l...> and is not present in the foss repo, I'm guessing the answer is no, at least for now. They do have a history of "releasing" features from EE back to CE but my suspicion is not for LLM stuff
- Code Search Is Hard
- XZ Backdoor Investigation Request to Gitlab Team
-
Client side Git hooks 101
(Side note: Issues are usually hash-prefixed like #1234 both on GitLab and GitHub. However, commit messages must not begin with a hash, they would be considered a comment and ignored. Therefore, GitHub has introduced the alternative prefix GH- and I've contributed a similar prefix GL- to GitLab a while ago.)
- Assign Issue to an AI Developer
-
BuildKit in depth: Docker's build engine explained
and its "oh, you want multi-arch, do you?" friend. While prosecuting this <https://gitlab.com/gitlab-org/gitlab/-/issues/339567> I learned that https://hub.docker.com/layers/multiarch/qemu-user-static/7.2... actually mutates the binfmt_misc in buildx's context in order to exec the static copy of qemu in it https://github.com/multiarch/qemu-user-static/blob/v7.2.0-1/...
and, that the buildx plugin itself has some qemu magick in it, which got addressed in a minor version bump but I couldn't track down the relevant GitHub issue this second (I've flushed it from my mind, only recalling that there were a lot of actors in that tire fire)
-
Gitlab password reset bug leaves more than 5.3K servers up for grabs
This is actually a follow-up refactor, the fix is here: https://gitlab.com/gitlab-org/gitlab/-/commit/abe79e4ec43798...
- ExifTool CVE-2021-22204 – Arbitrary Code Execution
- Critical Gitlab vulnerability exposes 2FA-less users to account takeovers
- Upcoming critical Gitlab security issue
What are some alternatives?
time - The most used Rust library for date and time handling.
Gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
advisory-db - Security advisory database for Rust crates published through crates.io
Harbor - An open source trusted cloud native registry project that stores, signs, and scans content.
jelly-actix-web-starter - A starter template for actix-web projects that feels very Django-esque. Avoid the boring stuff and move faster.
onedev - Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
mozsearch - Mozilla code search website. (Please file bugs in bugzilla at https://mzl.la/2YtXmoN)
rich-markdown-editor - The open source React and Prosemirror based markdown editor that powers Outline. Want to try it out? Create an account:
chat - A telnet chat server
gitlab-foss
rusqlite - Ergonomic bindings to SQLite for Rust
chatwoot - Open-source live-chat, email support, omni-channel desk. An alternative to Intercom, Zendesk, Salesforce Service Cloud etc. 🔥💬