Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Audit remaining Rust crates #7071

Merged
merged 6 commits into from
Nov 6, 2023
Merged

Audit remaining Rust crates #7071

merged 6 commits into from
Nov 6, 2023

Conversation

legoktm
Copy link
Member

@legoktm legoktm commented Nov 6, 2023
edited
Loading

Status

Ready for review

Description of Changes

  • Downgrades review criteria to safe-to-run per discussion
  • Adds more Rust Project members to our trusted list
  • Finishes auditing remainder of crates
    • note that signed commits from Cory are 0826fb0 and ef98387 - I just rebased them.

Fixes #6999.

Testing

How should the reviewer test this PR?

  • Visual review
  • CI passes

Deployment

Any special considerations for deployment? No, but would like it backported to 2.7.0 branch

legoktm and others added 6 commits November 6, 2023 15:21
@legoktm @cfm
Lower cargo vet review criteria to "safe-to-run"
0d285b7 
For many crates we don't have the technical expertise to sign off on
"safe-to-deploy", as defined by the cargo-vet documentation. The
"safe-to-run" criteria is roughly the same standard we hold for Python
diff reviews, with the benefit that our reviews are legible to the rest
of the Cargo Vet community.

Refs #6999.

Co-authored-by: Cory Francis Myers <[email protected]>
@cfm @legoktm
chore: downgrade my audits to "safe-to-run"
a96c6f6 
Per <#6999 (comment)>.
@legoktm
Downgrade my audits to "safe-to-run"
5419f82 
Per <#6999 (comment)>.
@legoktm
Trust some more Rust Project members in cargo vet
e1d56cf 
The trust markers are added for 6 months.
@legoktm
Audit Rust crates using cargo vet
df04be9
@cfm @legoktm
chore: "cargo vet"
c315153
@legoktm legoktm requested a review from a team as a code owner November 6, 2023 20:24
@legoktm legoktm added this to the SecureDrop 2.7.0 milestone Nov 6, 2023
zenmonkeykstop
zenmonkeykstop approved these changes Nov 6, 2023
View reviewed changes
Copy link
Contributor

@zenmonkeykstop zenmonkeykstop left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@zenmonkeykstop zenmonkeykstop merged commit acf1a82 into develop Nov 6, 2023
14 checks passed
@legoktm legoktm deleted the rust-audits2 branch November 6, 2023 22:07
@legoktm legoktm mentioned this pull request Nov 6, 2023
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zenmonkeykstop zenmonkeykstop zenmonkeykstop approved these changes

Assignees
No one assigned
Labels
None yet
Projects
SecureDrop dev cycle
Archived in project
Milestone
SecureDrop 2.7.0
Development

Successfully merging this pull request may close these issues.

Audit remaining Rust crates
3 participants
@legoktm @zenmonkeykstop @cfm