Dirkjan Ochtman
Dirkjan Ochtman
Thanks!
Response in the upstream issue: > In this particular case the issue stems from the upstream database recording the constraint as ">= 0.16.2", without the metadata prefix: https://rustsec.org/advisories/RUSTSEC-2024-0013.html > >...
> `input-validation` always feels slightly backwards to me because it implies "validate first, then process unsafely"[1] (#user-content-fn-1-3e6c7c0857c871afecb73db96e63e78d), rather than "process safely in the first place". Let's stick with `input-validation` here?...
@majaha would you be able to rebase this and follow up on the discussion so far?
This looks good to me. So can we get the code updated to match the proposed style?
@majaha this sounds great, except I'd like to request basically one commit per bullet point, which should make it a lot easier to review this. Do you think that would...
Some recent context: - #4440 - #4218 - #4439 I think this means the next release will already substantially improve the situation. A system or mirroring sounds nice but given...
Appreciate your funding of other OSS efforts! I'm not even sure if such an effort should be part of rustup, but there might be parts that can be reused.
I said "part of rustup", not "in the toolchain". I think discussions on the risks you mention won't be effective in the rustup issue tracker. For organizations that worry about...
Might help. Do we have that in the release already? Would be great if we can get a minidump to narrow this down, too.