Sergey "Shnatsel" Davidoff

icon indicating a website link https://medium.com/@shnatsel icon indicating an email [email protected]

icon location United Kingdom

Results 943 comments of Sergey "Shnatsel" Davidoff

Capture data only available during the build process

`cargo build -Z unstable-options --build-plan ` _might_ also help. I have not investigated it in detail. It will be still missing the hash of the final binary, etc.

Capture data only available during the build process

The build-info pre-RFC can be found here: https://internals.rust-lang.org/t/pre-rfc-cargo-sbom/19842

Allow access to the spec version

Hey! I'm helping maintain the repo now. This seems like a reasonable addition, I would be happy to accept a PR that exposes the field if this is still relevant.

Investigate if custom registries should result in purl's with a different type from "cargo"

There is a dedicated qualifier for this: > `repository_url` is an extra URL for an alternative, non-default package repository or registry. Source: https://github.com/package-url/purl-spec/blob/master/PURL-SPECIFICATION.rst#known-qualifiers-keyvalue-pairs This is what is used in #523

Why is max speed hardcoded as 230400?

Thanks for the pointer! I've found the same hardcoded constants in [termios manpage](http://manpages.ubuntu.com/manpages/trusty/en/man3/termios.3.html) so that's where the limitation seems to come from. I'll see if I find a way to...

README example is vulnerable to SQL injection

BigQuery does provide parametrized queries that are immune to SQL injection by design: https://cloud.google.com/bigquery/docs/parameterized-queries

Build binaries with `cargo auditable`

Hello! Author of [`cargo auditable`](https://github.com/rust-secure-code/cargo-auditable) here 👋 I'd love to see this integration and I'm happy to support it on my end! There's precedent for transparently enabling this in Linux...

Suggestion: Check simdjson-rs numberparse.rs for performance ideas

`atoi_simd` has some limitations compared to the standard library parser: no support for leading zeroes or numbers starting with `+`. A more complete SIMD-accelerated parser can be found here: https://crates.io/crates/atoi_radix10

Potential security vulnerability: non-constant-time usages of division

Heads up: this issue has been included in the [RustSec advisory database](https://github.com/RustSec/advisory-db). It will be surfaced by tools such as [cargo-audit](https://github.com/RustSec/cargo-audit) or Dependabot from now on. Once a fix is...

'merge_sort::merge()' crashes with double-free for `T: Drop`

Heads up: this issue has been included in the [RustSec advisory database](https://github.com/RustSec/advisory-db). It will be surfaced by tools such as [cargo-audit](https://github.com/RustSec/cargo-audit) or [cargo-deny](https://github.com/EmbarkStudios/cargo-deny) from now on. Once a fix is...