Sergey "Shnatsel" Davidoff
Sergey "Shnatsel" Davidoff
I'm not sure either. @tarcieri @alex any thoughts?
I think there are two orthogonal questions here: how do we specify the **origin** and how do we specify the **license**. Reasonable options for origin that I see are: 1....
I don't think there is anything stopping us from adding it as a text field. Subjectively, it feels ugly, and I'd prefer to avoid that for that reason alone.
It seems there is a compelling case for keeping this feature around. I'm going to go ahead and close this, but please reopen if you disagree.
There's a minimal reproduction in #821
Looking at the code, I think we'll need to change how it works and make breaking change to the API to fix this. Right now the code compares the `SourceId`...
Wait, nevermind. That matching logic ties into existent-but-unused `source` field in the advisory format, which apparently lets us specify advisories for sources other than crates.io. I didn't realize we even...
Okay, no, after digging further it turns out that _even that_ isn't it. The culprit is this line: https://github.com/rustsec/rustsec/blob/8bfa220a935fdeb86c13f1ad8894ad0b7432f885/rustsec/src/database/query.rs#L180 A package from the local workspace has the source set to...
Well, I didn't understand what you meant so I went on this whole journey of discovery. Also it's not that the query isn't setting the source somewhere - it's just...
PR fixing this was merged; just needs a new `rustsec-admin` deployment and release.