Previously: https://lemmyrs.org/post/175672

I originally had sources and data of the site public, hoping they would be interesting to study, aid in bug reporting, bring contributions, and make site’s algorithms transparent.

Instead, I got knee-jerk reactions about lines of code taken out of context. I got angry dogpiles from the Rust community, including rust-lang org members. I don’t need to endure such mudslinging. Therefore, the sources are no longer available.

As of right now bitcoin crate is not deprecated, instead libs.rs responds with error 502.

  • kornel@lemmyrs.org
    link
    fedilink
    English
    arrow-up
    5
    ·
    hace 1 año

    I prefer data as is rather than having to double guess every search result

    What’s the bad scenario you’re worried about here? What type of data you’re specifically worried about? Do you expect me to maliciously manipulate the data, or is even well-intentioned curation and use of heuristics somehow not acceptable?

    My view on data cleanup is probably very different than other people’s, because I’ve spent a lot (likely too much) time with the crates’ data. The pure unadulterated source data is… bad. It’s very sparse (most crates don’t fill it in). It’s full of outdated information (set once and forgotten, wrong for forks). Some crates-io category slugs are pretty misleading, so tons of crates are miscategorized by their own authors: parsing is not for file parsers, database is not for databases. accessibility …I can’t even. Who put ogg parsers, gRPC, garrysmod, RFID readers in there?

    There are tons of name-squatted crates, ferris guessing games, or just people’s baby steps in Rust. If you search on crates.io you often get the pure data of someone publishing a crate years ago and forgetting about it. This is pure, this is ranked objectively, this is curated and subjective.

    crates-io shows you plainly only the license of the crate you’re looking at. lib.rs goes further and checks if the crate has any dependencies which are GPL, because if a crate says it’s MIT but has GPL deps, it actually is GPL.

    crates-io shows you repository URL exactly as-is specified in the metadata, which could be inaccurate (in case of forks) or outright fake (someone else’s repo). lib.rs checks if the repository URL actually contains the crate or has the same owner as the crate, and will add a link to the true source code if the repo url is suspicious.

    crates-io shows owners’ names from the free-form name field, so somebody malicious could pretend to be a well-known trusted user. lib.rs only allows display names for established/reputable accounts, and uses login name for new/untrusted accounts.

    • Aloso@lemmyrs.org
      link
      fedilink
      English
      arrow-up
      1
      ·
      hace 1 año

      What’s the bad scenario you’re worried about here? What type of data you’re specifically worried about? Do you expect me to maliciously manipulate the data, or is even well-intentioned curation and use of heuristics somehow not acceptable?

      I think they are worried that some crates may not show up in the search results, either because their author requested their removal, or you decreased their search ranking for political reasons.

      And I agree with you that crates.io is not a viable alternative due to the poor quality of the search results. So switching from lib.rs to crates.io doesn’t make sense for this reason alone, since crates.io may not display the crate you’re looking for either, unless you already know its name.