Malicious rustdecimal package found in the Rust repository crates.io

The developers of the Rust language have warned that a package named rustdecimal, containing malicious code, has been identified in the crates.io repository. The package was based on the legitimate rust_decimal package and was distributed by relying on name similarity (typosquatting), in the expectation that a user would not notice the missing underscore when searching for the module or picking it from a list.

It is worth noting that this strategy was successful: by download count the fake package was only slightly behind the original (~111 thousand downloads of rustdecimal 1.23.1 versus 113 thousand of rust_decimal 1.23.1). At the same time, most of the downloads were of a harmless clone that contained no malicious code. The malicious changes were added on March 25 in rustdecimal version 1.23.5, which was downloaded about 500 times before the problem was identified and the package was blocked (it is assumed that most downloads of that version were made by bots). The package was not used as a dependency by other packages in the repository, although it may have been a dependency of end applications.

The malicious change consisted of adding a new function, Decimal::new, whose implementation contained obfuscated code that downloaded an executable file from an external server and launched it. When the function was called, the GITLAB_CI environment variable was checked, and if it was set, the file /tmp/git-updater.bin was downloaded from an external server. The malicious downloader supported Linux and macOS (the Windows platform was not supported).

It was assumed that the malicious function would be executed during testing on continuous integration systems. After blocking rustdecimal, the crates.io administrators analyzed the contents of the repository for similar malicious insertions, but did not find problems in other packages. Owners of continuous integration systems based on the GitLab platform are advised to make sure that the projects tested on their servers do not use the rustdecimal package among their dependencies.
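
One way to carry out the dependency check recommended above, as an added example that is not part of the original article or of any crates.io tooling: a std-only Rust program that reads Cargo.lock text and flags locked crates whose name matches a trusted crate once separators are removed. It generalizes from rustdecimal to any dropped-separator lookalike; the function names, the trusted list and the sample lock file are constructed for illustration.

```rust
// Added example: flag locked crates whose name equals a trusted crate's name
// once '_' and '-' are dropped (rustdecimal vs rust_decimal).
fn normalize(name: &str) -> String {
    name.chars().filter(|c| *c != '_' && *c != '-').collect::<String>().to_lowercase()
}

/// Extract (name, version) pairs from the [[package]] tables of a Cargo.lock.
/// The top-level `version = 3` format marker is skipped: no name precedes it.
fn locked_packages(lock: &str) -> Vec<(String, String)> {
    let mut out = Vec::new();
    let mut name: Option<String> = None;
    for line in lock.lines().map(str::trim) {
        if let Some(v) = line.strip_prefix("name = ") {
            name = Some(v.trim_matches('"').to_string());
        } else if let Some(v) = line.strip_prefix("version = ") {
            if let Some(n) = name.take() {
                out.push((n, v.trim_matches('"').to_string()));
            }
        }
    }
    out
}

/// Return (suspect name, version, imitated crate) for every locked package
/// that collides with a trusted name without being that crate.
fn lookalikes(lock: &str, trusted: &[&str]) -> Vec<(String, String, String)> {
    let mut hits = Vec::new();
    for (name, version) in locked_packages(lock) {
        for &t in trusted {
            if name != t && normalize(&name) == normalize(t) {
                hits.push((name.clone(), version.clone(), t.to_string()));
            }
        }
    }
    hits
}

// Constructed sample lock file, not taken from a real project.
const SAMPLE_LOCK: &str = r#"version = 3
[[package]]
name = "rust_decimal"
version = "1.23.1"
[[package]]
name = "rustdecimal"
version = "1.23.5"
"#;

fn main() {
    let hits = lookalikes(SAMPLE_LOCK, &["rust_decimal"]);
    println!("suspect crates: {:?}", hits);
}
```

In a CI job the lock text would come from the checked-out Cargo.lock, and a non-empty result would fail the pipeline before any build or test step runs.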

Source: opennet.ru
