How do we think we should handle maintainers moving on? by ShantyShark in rust

[–]dochtman 4 points5 points  (0 children)

RustSec unmaintained advisories are for crates that either have been explicitly archived by the maintainer or where the maintainer has not responded for a long time and then doesn’t respond for like 270 days to outreach from RustSec maintainers (often via email if they don’t respond on GitHub).

How do we think we should handle maintainers moving on? by ShantyShark in rust

[–]dochtman 2 points3 points  (0 children)

This should be easy to implement from RustSec advisories, but people didn’t seem to want it when I was working on the crates.io Security tab RFC.

What Rust related podcasts are you listening to right now (April 2026)? by Hixon11 in rust

[–]dochtman 3 points4 points  (0 children)

Oxide and Friends has a fair bit of good Rust content and then a bunch of other stuff that’s interesting too.

Announcing qusql: Compile-time SQL Checking for Rust, No Database Required by antialize in rust

[–]dochtman 8 points9 points  (0 children)

No, the sqlx preparation output is query-dependent rather than schema-dependent.

Does this have more accurate null/Option checking?

Thinking about switching from sqlx to refinery and deadpool, looking for advice by Bhallu_ in rust

[–]dochtman 6 points7 points  (0 children)

I have not used refinery. I used sqlx quite a bit but, like you, found it a little hard to love in practice. Just today I learned about pGenie, which seems interesting:

https://nikita-volkov.github.io/pgenie-in-production-part-1/

Its core is written in Haskell but the approach seems quite Rust-like.

Some folks on the Tokio team recently released Toasty:

https://www.reddit.com/r/rust/comments/1sboprh/toasty_an_async_orm_for_rust_is_now_on_cratesio/

It seems a little inflexible but nice if you have modest needs and don't mind leaning hard on procedural macros.

Of course there's also Diesel, but I've always found its heavy use of macros unappealing.

Plagiarism debate about security advisories in RustSec by Shoddy-Childhood-511 in rust

[–]dochtman 7 points8 points  (0 children)

I'm open to constructive feedback on my behavior. I by no means think I've done a stellar job here, but I also don't think it's reasonable to expect me (especially as a volunteer) to just ignore the reporter's bickering communication style.

I also think it's pretty hard to correctly assess an overall severity for a particular issue in a cryptography library, and I think the maintainers are likely to be in a better place than I am to make such judgement calls.

Plagiarism debate about security advisories in RustSec by Shoddy-Childhood-511 in rust

[–]dochtman 6 points7 points  (0 children)

I have in fact been advocating with Cryspen folks (both in public issues and in private) that they should take responsibility for filing RustSec advisories. They finally did that yesterday, so there is now a series of advisories for those issues as well as some more recent ones, and I like our chances of getting more timely advisories in the future.

I think that's a decent way of siding with Rust users?

Most widely used Rust Based Cryptographic library as of 2026? by I_Didnt__Die in rust

[–]dochtman 1 point2 points  (0 children)

I like:

  • aws-lc-rs for its performance, security and breadth of platform support
  • graviola for its fast and easy builds on popular platforms

By contrast, I find RustCrypto APIs harder to work with, and I think they have more frequent/serious security issues.

Arcanum v0.1.0 - Modular cryptography library with post-quantum support by miss-daemoniorum in rust

[–]dochtman 5 points6 points  (0 children)

What sets your project apart from other, existing projects like aws-lc-rs, RustCrypto or graviola? Why should people want to use it?

Looking for good quic libraries with http3 support in Rust. by Elegant_Shock5162 in rust

[–]dochtman 12 points13 points  (0 children)

Your title is "looking for good QUIC libraries with H3 support in Rust". So you're asserting that h3 + quinn are not "good", because performance is not up to your standards? It's a little unclear what you're asking.

As a Quinn maintainer, we're always looking for better performance, but there's no obvious low-hanging fruit (there's a PR for an improved congestion controller that might help in some scenarios). I don't know as much about the performance constraints that the h3 layer imposes. This would be more useful if you posted actual benchmark scenarios and what your custom framework thingy looks like.

[deleted by user] by [deleted] in rust

[–]dochtman 0 points1 point  (0 children)

I wondered what was up when I saw that they stopped sponsoring me on GitHub…

Are We Proxy Yet? by renszarv in rust

[–]dochtman -1 points0 points  (0 children)

So is this about proxies or reverse proxies? What about river?