Many discussions about open source dependencies and maintenance happened in the last month.Two posts caught my eye in the Rust ecosystem: Sudo-rs dependencies: when less is better about the Rust rewrite of sudo trimming its dependency graph, and On Tech Debt: My Rust Library is now a CDO about a Rust package being flagged as unmaintained, triggering complaints across downstream projects failing CI.And by now, you’ve likely heard about the backdoor in the xz-utils compression project.