wasmtime icon indicating copy to clipboard operation
wasmtime copied to clipboard

Published 20 hours ago verified publisher icon bytecodealliance

Upgrade sha2 to 0.10.2 in wasmtime

Open bnjbvr opened this issue 3 years ago • 3 comments
trafficstars

bnjbvr avatar Aug 22 '22 14:08 bnjbvr

This needs a cargo-vet update; @bnjbvr would you be willing to vet the diff in sha2?

cfallin avatar Aug 22 '22 15:08 cfallin

The changelog shows changes in SIMD implementations of sha2, so I'm not sure I'm going to find time for reviewing those changes in depth. How thorough should the vetting be, in such a case?

bnjbvr avatar Aug 22 '22 16:08 bnjbvr

Vetting is mostly centered around "this won't install malware" or "doesn't unduly access capabilities it wasn't given itself" e.g. randomly reading/writing files on the filesystem. Vetting reviews aren't so much about correctness so while a lack of unsafe is good using unsafe for things like SIMD acceleration is inevitable and should be ok.

alexcrichton avatar Aug 30 '22 13:08 alexcrichton

Ok, vetting was much simpler than I expected thanks to the cargo-vet tool showing the commands to see a diff. Updated!

bnjbvr avatar Oct 10 '22 08:10 bnjbvr