Actix pg
Recently the maintainer of the Actix webserver took down the GitHub repository and left the code in his personal repository, deleting lots of issues and enraging a lot of people.

What happened? I did my own read of the postmortem, and from Reddit I also found this article, which summarizes the situation pretty well:

To summarize it in a few words in case you don’t feel like reading those: the Rust community is heavily focused on a safe use of Rust where proper memory handling can be proven. In Rust, unless you use the “unsafe” keyword, the compiler guarantees no memory errors in a provable way, so usually, for those small parts where the compiler is unable to prove the code, it’s okay to use “unsafe”. The remaining code should be small and easy to prove correct.

Actix was found by third parties to be abusing unsafe when they were auditing most libraries found for Rust on the internet. When the unsafe code was audited, it was found that, on misuse, it can lead to serious vulnerabilities. So they opened a bunch of issues and added a lot of patches and PRs on GitHub. The response from the maintainer was that he doesn’t care; he didn’t accept almost any of the patches, deleted the issues, the conversation heated up a lot, and finally he deleted the repository itself from the official source and left it under his own username.

Actix was known for its amazing speed on different benchmarks and was used by a lot of people. While it’s bad that the community sometimes is too harsh and some people lack a lot of politeness (which makes a maintainer’s life really hard), I’m going to be polemic here and say: it’s good that this happened and Actix-web got deleted. I have been using Actix-web, seduced by its speed, and I never thought I could be promoting a vulnerable webserver. I was assuming that because the library was coded in Rust, the author was taking care of not using unsafe where possible.
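As an added illustration of the point above about keeping unsafe small and provable (example code written for this post’s topic, not code from Actix-web or from the original post), here is the idiom the Rust community expects: the unsafe block is a single line, the precondition it relies on is established by the check immediately before it, and every caller stays in safe Rust. The function names are my own; `get_unchecked` is the standard-library slice method.

```rust
// Added example, not from the post or from Actix-web: a safe wrapper that
// confines `unsafe` to one line whose precondition is checked just above it.

/// Returns a copy of `data[i]` without the compiler-inserted bounds check,
/// or `None` if `i` is out of range.
///
/// `get_unchecked` has the contract "i < data.len()". The `if` establishes
/// exactly that contract, so the unsafe surface is one line and the
/// argument for its correctness is the line before it.
pub fn get_checked(data: &[u32], i: usize) -> Option<u32> {
    if i < data.len() {
        // SAFETY: i < data.len() was verified on the previous line.
        Some(unsafe { *data.get_unchecked(i) })
    } else {
        None
    }
}

/// Sums every other element. Built only on the safe wrapper above, so it
/// needs no `unsafe` itself and the compiler proves its memory safety.
pub fn sum_every_other(data: &[u32]) -> u32 {
    (0..data.len())
        .step_by(2)
        .filter_map(|i| get_checked(data, i))
        .sum()
}

fn main() {
    // Constructed sample input for the demo.
    let sample = [10u32, 20, 30, 40, 50];
    println!("index 2 -> {:?}", get_checked(&sample, 2));
    println!("index 9 -> {:?}", get_checked(&sample, 9));
    println!("sum of every other element -> {}", sum_every_other(&sample));
}
```

The thing to notice is where the correctness argument lives: a reviewer only has to read the `if` and the `SAFETY` comment to be convinced, and nothing outside that function can violate the precondition. When an audit instead finds unsafe spread across an API surface with its preconditions left to callers, the compiler’s guarantee no longer covers the crate, which is the situation the paragraph above describes. Counting unsafe blocks across a dependency tree, for instance with `cargo geiger`, is a cheap first check for a library you are about to depend on.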
Update: the official Actix web repository is back and the maintainer has stepped down.