Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35): Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):pchickey opened PR #6137 from bytecodealliance:pch/rustls-supply-chain to bytecodealliance:main:
The
ringcrate needed to be exempted: it contains a large quantity of asm and native binary implementations of crypto primitives. It is a major undertaking to certify the safety of those implementations.ring also pulled in the wasm-bindgen family of crates for its wasm32-unknown-unknown target, which this project will not be using. Because we don't care about that platform, I added exemptions for all of these crates, so we don't have to audit them.
The actual supply chain audits for rusttls, rustls-webpki, sct, and tokio-rustls were unremarkable. I also audited a small diff on wasm-bindgen-shared because it was trivial.
cc #5929
<!--
Please ensure that the following steps are all taken care of before submitting
the PR.
[ ] This has been discussed in issue #..., or if not, please tell us why
here.[ ] A short description of what this does, why it is needed; if the
description becomes long, the matter should probably be discussed in an issue
first.[ ] This PR contains test cases, if meaningful.
- [ ] A reviewer from the core maintainer team has been assigned for this PR.
If you don't know who could review this, please indicate so. The list of
suggested reviewers on the right can help you.Please ensure all communication adheres to the code of conduct.
-->
Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):pchickey requested elliottt for a review on PR #6137.
Wasmtime GitHub notifications bot (Apr 03 2023 at 20:35):pchickey requested wasmtime-default-reviewers for a review on PR #6137.
Wasmtime GitHub notifications bot (Apr 03 2023 at 22:16):elliottt submitted PR review.
Wasmtime GitHub notifications bot (Apr 03 2023 at 22:53):pchickey merged PR #6137.
Last updated: Nov 22 2024 at 16:03 UTC