Comments (5)
mbrubeck
commented on August 23, 2024
1
As a maintainer, I would prefer to keep this repo writeable for now so we can apply updates and fixes to benefit the few people still using this library. However, I do think that we should do what we can to encourage most people not to use this library. Perhaps that should include a RustSec advisory so tools like cargo-audit will complain. Documentation pointing to alternatives is definitely a good idea.
The upstream C library always has many open security bugs, and as a matter of policy its maintainers do not intend the code to be usable with untrusted input or in any other security-sensitive context. Most Rust projects expect rather different standards regarding security and undefined behavior, and should be using the pure Rust image libraries instead. Most contributions should be (and are) going toward improving those libraries, including making sure their performance is competitive with stb_image.
from rust-stb-image.
workingjubilee
commented on August 23, 2024
cc @MarijnS95 in #105 you indicated you were using it and alluded to doing more maintenance to this crate. Could you explain your use case a bit more? Does this crate offer significant features that e.g. image does not?
from rust-stb-image.
MarijnS95
commented on August 23, 2024
"We" as in "collectively the open source community" should put more effort in maintaining this crate.
If I remember correctly it was - maybe still is - much faster at loading images.
The stb_image_rust crate you linked, in typical Rust NIH fashion (π), looks to have been created as quickly as it got abandoned :/
from rust-stb-image.
workingjubilee
commented on August 23, 2024
The
stb_image_rustcrate you linked, in typical Rust NIH fashion (π), looks to have been created as quickly as it got abandoned :/
yeah I unlinked it as soon as I looked a bit more closely because yeah that's π«
If I remember correctly it was - maybe still is - much faster at loading images.
Ah, something to benchmark! cool, that can be done.
As a maintainer, I would prefer to keep this repo writeable for now so we can apply updates and fixes to benefit the few people still using this library. However, I do think that we should do what we can to encourage most people not to use this library. Perhaps that should include a RustSec advisory so tools like cargo-audit will complain. Documentation pointing to alternatives is definitely a good idea.
aha! that makes sense then.
from rust-stb-image.
workingjubilee
commented on August 23, 2024
@mbrubeck Thank you. I opened issues for the two action items that seem directly associated with this crate, to catch up with later, and obviously we can table this one for now.
from rust-stb-image.
Related Issues (17)
- πPlease publish a new version HOT 1
- Feature missing: image write
- Mitigate risk of losing vulnerability fix #102? HOT 2
- Publish a new release HOT 1
- Document alternatives
- Investigate issuing a RUSTSEC advisory?
- Make rust-stb-image buildable with rustpkg HOT 1
- Add travis integration HOT 1
- Why ~str? HOT 4
- Build fails "silently" on Windows 7 with Rust 1.0
- Link-time error on Windows
- Documentation is down... HOT 1
- Bump version number HOT 1
- Error when building for target wasm32-unknown-emscripten HOT 1
- Error when compiling for Android HOT 2
- Problem when compiling for target wasm32-unknown-unknown HOT 9
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rust-stb-image.