Should we file advisories on Rustc bins #1353
pinkforest
started this conversation in
General
Replies: 2 comments
-
We do deal with advisories against rustc: https://github.com/rustsec/advisory-db/tree/main/rust ...however these are generally just syndicating vulnerabilities published by the core team. They aren't surfaced by any CLI tooling like |
Beta Was this translation helpful? Give feedback.
0 replies
-
Yes.. however there is no directory yet for rustc.. only cargo, rustdoc and std so far :/ If we were to file advisories against |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Following up from in favor of initial discussion here:
We can deal with those issues if we decide to support advisories on Rustc.
First though I think we need to have a wider discussion around this
I know we have advisories against std and cargo but they interface the Rust code people write.
My personal opinion is that RustSec is only for the ecosystem and it would be quite bit of scope creep.
Beta Was this translation helpful? Give feedback.
All reactions