Ionuț Mihalcea
I'll try to write up my notes and thoughts on this; I'm currently digging a bit deeper in the Rust ecosystem for this.
Hi all, apologies for the long delay. I've made a markdown version with some guidance on build-time dependency vulnerabilities available [here](https://hackmd.io/@VOkN52x7RbeXS-3vr4XOgg/BJBDNYK0F). Feel free to comment/modify as you please. It's fairly...
Alright, I have finally opened that PR, many apologies for the delay.
I'm dealing with the same kind of issue - trying to figure out how to report to potential users about a vulnerability in our dependency tree. (My problem is compounded...
> Is there a standard for documenting how upstream dependency vulnerabilities impact a given crate, so that users of the crate know (a) the authors are aware and (b) they...
Hi! Somewhat tangentially related to the original question - you could access hardware backends using [Parsec](https://github.com/parallaxsecond/parsec). We're building this CNCF project with the exact goal of allowing applications abstracted access...
Hello! We've been trying to create a replacement for `pkcs11` in [`cryptoki`](https://github.com/parallaxsecond/rust-cryptoki) because of the security issues we found while using it, and because the maintainer of that crate seems...
If you do find any (security) issues with the crate please feed that back 🙏🏻 Thanks!
Actually...! We just realised that we had tested with your crate on a PKCS11 implementation that only supports part of the functions and it worked - this was some time...
Hi! That's an interesting idea! The TL;DR is that we don't support this and as far as I can tell, it would be a bit of work to support in...