interledger-rs Unmaintained & Username comparison

Open pinkforest opened this issue 2 years ago • 1 comments

Following up from here re: unicase:
https://github.com/rustsec/advisory-db/pull/1176
https://github.com/interledger-rs/interledger-rs/pull/744

Crates

* interledger - 2,962 downloads - over 2 years ago - crates.io: 0.6.0, github: 1.0.0 (commit 3 years ago)
* ilp-cli - 665 downloads - over 2 years ago - crates.io: 0.3.0, github: 1.0.0 (8 months ago)
* ilp-node - 1,853 - over 2 years ago - crates.io: 0.6.0, github: 1.0.0 (12 months ago)
* interledger-api - 2,346 - over 2 years ago - crates.io: 0.3.0, github: 1.0.0 (12 months ago)
* interledger-btp - 3,352 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-ccp - 2,743 - over 2 years ago - crates.io: 0.3.0, github: 1.0.0 (12 months ago)
* interledger-errors - not published to crates.io
* interledger-http - 46,711 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (8 months ago)
* interledger-ildcp - 4,878 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-packet - 48,531 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-rates - not published to crates.io
* interledger-router - 3,348 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-service-util - 4,070 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-service - 47,405 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (8 months ago)
* interledger-settlement - 45,997 - over 2 years ago - crates.io: 0.3.0, github: 1.0.0 (12 months ago)
* interledger-spsp - 3,521 - over 2 years ago - crates.io: 0.4.0, github: 1.0.0 (12 months ago)
* interledger-store - not published in crates.io
* interledger-sterma - not published in crates.io
* interledger - 2,962 - over 2 years ago - crates.io: 0.6.0, github: 1.0.0 (3 years ago)

1 - It seems to me that interledger may be Unmaintained

Facts:

* Last GitHub commit was on 15 Dec 2021
* Project future was considered here: https://github.com/interledger-rs/interledger-rs/issues/652

Next step: I will raise an issue in interledger-rs to solicit confirmation whether this should be marked as unmaintained.

Waiting the 90 days.

2 - It also seems that there is concern around Username comparison

@amousset has filed an issue https://github.com/interledger-rs/interledger-rs/pull/744

This seems to affect interledger-service and involves the unicase library.

Next step: Solicit feedback from the maintainer(s) as to the vector.

pinkforest, Aug 04 '22 10:08

@amousset - Seems interledger is not maintained and doesn't seem to be able to publish patched - https://github.com/interledger-rs/interledger-rs/issues/745#issuecomment-1211808112

You were across the username stuff... does it have any vector, or is it just a red herring re: security of it?

pinkforest, Aug 12 '22 08:08