Sergey "Shnatsel" Davidoff

Running `cargo auditable install cargo-geiger` in msys2 mingw x64 console worked for me. So it must be some issue with the Github action specifically, not a general msys2 issue.

CI config file: https://github.com/rust-secure-code/cargo-supply-chain/blob/master/.github/workflows/rust.yml

This is being added to the RustSec repo: https://github.com/rustsec/rustsec/pull/635

Do I understand correctly that the transitive dev dependencies are not compiled or even downloaded when compiling the root crate? If that's the case, I think we should not only...

I believe I've implemented such filtering for https://github.com/Shnatsel/rust-audit already. I suppose it could be split into a shared crate or some such.

I'd surface the dev-dependencies for the toplevel crate(s) and exclude any dev-dependencies that are added transitively.

There are only two such examples remaining. But they are quite prominent, so it's still worthwhile.

I second that. Language Server protocol seems to have gained traction: aside of the ones mentioned above, there a few for Ruby, there is [at least one](https://github.com/microsoft/vscode-go#go-language-server-experimental) for Go, and...

Thank you for the report! The issue should be first reported to the developers of the crate, so that they would have the opportunity to issue a fix before the...

The current behavior of the compiler and the reasons behind it are described here: https://www.ralfj.de/blog/2019/07/14/uninit.html So I'm afraid the approach taken by `safe-uninit` is indeed inherently unsound in an optimizing...