Stream: git-wasmtime

Topic: wasmtime / PR #6137 add supply chain audits for #5929's r...


Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):

pchickey opened PR #6137 from bytecodealliance:pch/rustls-supply-chain to bytecodealliance:main:

The ring crate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations.

ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don't care about that platform, I added exemptions for all of these crates, so we don't have to audit them.

The actual supply chain audits for rustls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.

cc #5929


Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):

pchickey requested elliottt for a review on PR #6137.

Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):

pchickey requested wasmtime-default-reviewers for a review on PR #6137.

Wasmtime GitHub notifications bot (Apr 03 2023 at 22:16):

elliottt submitted PR review.

Wasmtime GitHub notifications bot (Apr 03 2023 at 22:53):

pchickey merged PR #6137.


Last updated: Dec 23 2024 at 13:07 UTC