On Tue, 28 Jan 2025 00:26:19 +0000 Peter Green <plugw...@debian.org> wrote:
> Package: rust-serde-yml
> Severity: serious
> 
> (I will be cloning this bug against rust-libyml once I have a bug number)
> 
> rust-serde-yml is a fork of rust-serde-yaml and rust-libyml is
> a fork of rust-unsafe-libyaml.
> 
> Serious concerns have been raised about the quality of code in
> rust-serde-yml.
> 
> https://x.com/davidtolnay/status/1883906113428676938
> 
> https://www.reddit.com/r/rust/comments/1ibdxf9/beware_of_this_guy_making_slop_crates_with_ai/
> 
> Even worse concerns have been raised about code in rust-libyml
> 
> https://x.com/mycoliza/status/1883974721143980353
> 
> Furthermore the maintainer of these forks has disabled issue tracking
> on the repositories, so these issues cannot be reported where someone
> is likely to see them.
> 
> I don't think these packages should be in a Debian release at this time.

As usual (#397761), BTS won't forward to Uploaders, so I'm doing it, partly 
because I needed them once for trippy.

Later trippy switched to TOML and ditched dependency on those. Now that nothing 
in Debian depends on libyml nor serde_yml (according to codesearch.d.n), I 
suggest we RM them.

-- 
Sdrager,
Blair Noctis
