tschneidereit added the dependencies label to Issue #9727.
tschneidereit opened issue #9727:
Feature
Google is aggregating cargo vet audits from Fuchsia, Chromium, ChromiumOS, and some internal projects, in a single place. We should switch to importing that aggregation.
Benefit
Switching to the aggregation from our current import of the Fuchsia and Chromium audits would give us more coverage now and in an ongoing manner.
Implementation
It's probably as simple as switching the import, but for all I know there might be a need to evaluate some of Google's custom audit criteria and see how to apply them. ("For all I know", because I didn't deeply check whether there's anything new compared to our current imports.)
Alternatives
Keep things as they are
fitzgen commented on issue #9727:
I would be in favor of this.
> It's probably as simple as switching the import, but for all I know there might be a need to evaluate some of Google's custom audit criteria and see how to apply them. ("For all I know", because I didn't deeply check whether there's anything new compared to our current imports.)
I skimmed the custom audit criteria and they seem reasonable. I don't think we should adopt their criteria for our uses, but I don't think they will get in our way and I don't think they are lowering audit standards.
Last updated: Dec 23 2024 at 13:07 UTC