I even managed to make it work on a schedule, which is basically how it should be used :)
@svartalf nice! I usually integrate cargo audit into all my projects as a CircleCI pipeline step (also running automatically every week). But having it directly on GitHub might be nice for certain projects.
@dbrgn thanks :)
I hope it would make people a bit more aware about security issues and the fact that CI does not end with the "okay, it builds" step
Hi, if a crate's repo on GitHub gets archived by the owner, would it be appropriate to file an advisory PR for the unmaintained attribute?
@simlay sure, particularly if there are alternative crates which provide equivalent functionality you'd like to recommend current users switch to
I wish I had some more alternatives on the matter. I was actually exploring the topic of "peer-to-peer" communication and the crust crate claimed to do this nearly out of the box with some "security" built in.
Anyway, I'll submit a PR about it being unmaintained.
hi. a stack overflow in a parsing library is a potential DoS source but nothing critical (in Rust), right?
so, a regular GitHub bug report + maybe a RUSTSEC advisory, right?