Who in practice pins their dependencies (transitive included) on audited versions?


Small companies with little development experience like Google and Mozilla.

(You can check the files I linked and see audits between deltas for minor version updates)


I guess my point was: "because [some teams at] Google/Mozilla do it right does not mean that everybody does it right".
