Stream: git-wasmtime

Topic: wasmtime / issue #4749 Upgrade sha2 to 0.10.2 in wasmtime


view this post on Zulip Wasmtime GitHub notifications bot (Aug 22 2022 at 15:11):

cfallin commented on issue #4749:

This needs a cargo-vet update; @bnjbvr would you be willing to vet the diff in sha2?

view this post on Zulip Wasmtime GitHub notifications bot (Aug 22 2022 at 16:30):

bnjbvr commented on issue #4749:

The changelog shows changes in SIMD implementations of sha2, so I'm not sure I'm going to find time for reviewing those changes in depth. How thorough should the vetting be, in such a case?

view this post on Zulip Wasmtime GitHub notifications bot (Aug 30 2022 at 13:47):

alexcrichton commented on issue #4749:

Vetting is mostly centered around "this won't install malware" or "doesn't unduly access capabilities it wasn't given itself" e.g. randomly reading/writing files on the filesystem. Vetting reviews aren't so much about correctness so while a lack of unsafe is good using unsafe for things like SIMD acceleration is inevitable and should be ok.

view this post on Zulip Wasmtime GitHub notifications bot (Oct 10 2022 at 08:31):

bnjbvr commented on issue #4749:

Ok, vetting was much simpler than I expected thanks to the cargo-vet tool showing the commands to see a diff. Updated!


Last updated: Dec 23 2024 at 13:07 UTC