I'm happy to announce the release of Diesel 2.3. This release contains various extensions to the query DSL provided by Diesel and enables using Diesel in web browsers via the wasm32-unknown-unknown target.

Checkout the full release announcements for more details.

As always you can support my work on Diesel by contributing or sponsoring the project.

I would like to use this possibility to thank NLNet Foundation for funding the newly added window function extension.

I'm happy to answer any question that comes up.

you are viewing a single comment's thread
view the rest of the comments

[–] sugar_in_your_tea@sh.itjust.works 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

Agreed. My point was that you'd probably know more about the relationship between the projects than some rando. I've seen plenty of misinformation from people making claims about projects that don't hold.

And yeah, I've found great crates from smaller projects. That said, I'm always worried about an xz issue where a small, impactful project gets targeted by malware authors and their changes get in because there's not enough people involved in the project. Or maybe it's as simple as the lone maintainer stopping work on the project and the project stagnates. If it's not something I'm willing to step in and maintain or replace myself, I'm going to go with a larger project, even if it's not quite what I'm looking for, and DB libraries definitely fall into that category.

[–] weiznich@programming.dev 2 points 2 weeks ago (1 children)

These are certainly valid considerations, but I would like to point out that just because a project seems large on the outside that does not guarantee that it has enough maintainers. Most open source projects are still run by a single person. That is still mostly the case for diesel, but also applies to much larger projects like curl. So while it might feel like a „large“ project will protect you from such issues, that’s really no sufficient guarantee. The only way you could make sure to not run into such problems is by auditing all of your dependencies.

[–] sugar_in_your_tea@sh.itjust.works 1 points 2 weeks ago

Oh absolutely. In fact, I created a package that currently has millions of weekly downloads that I don't really maintain anymore (someone else volunteered). So I'm pretty familiar with these issues. People burn out or move on or whatever.

The reason I like larger projects is because it's more likely someone will notice if there's a problem. There's no guarantee, sure, but more eyeballs is generally a good thing, and that's how the xz vulnerability was caught so quickly. It's better if a project has a healthy amount of contributors, but all things being equal, I prefer a popular project to a less popular one. How many people would notice an issue in diesel-async vs diesel? How many are like me and would use the async features if it's in the main project, but would hesitate if it's a separate crate?

None of this has anything to do with the quality of of the code or maintainers, it's purely about the number of eyeballs.