pinkforest(she/her)
Came across while investigating this: https://github.com/rustsec/advisory-db/issues/1394 https://github.com/paritytech/parity-common/issues/364 Both the GitHub repository and the crates.io README contain a big warning: https://github.com/paritytech/parity-common/tree/master/parity-util-mem https://crates.io/crates/parity-util-mem @dvdplm would it be helpful to put out an `informational =...
e.g. ansi_term, we provided an informational advisory: https://rustsec.org/advisories/RUSTSEC-2021-0139.html But GHSA has a different interpretation / representation: https://github.com/advisories/GHSA-74w3-p89x-ffgh It's an advisory like the others, but it should be represented in the canonical way as RustSec...
Follow-up from: https://github.com/github/advisory-database/issues/683 as another issue. We typically strive hard to include actionable advice as to any fixes, if any, on informational advisories. Currently GHSA is omitting to include that...
Following up from: https://github.com/rustsec/rustsec/pull/682 We just imported a lot of CVSS classifications from NVD and I think this is covered by a CC-BY-4.0 license. But this deserves its own separate issue -...
Coming up from: https://github.com/rustsec/rustsec/pull/682 We should just deprecate `source` since it's not used and our current policy is crates.io `registry` only. Or even rename it - like, will we ever...
https://github.com/rustsec/advisory-db/issues/1404 It would be nice to associate / indicate perhaps a minimum Rust version which may perhaps be unaffected. I know we can always describe this manually but some automatic way...
https://github.com/rustsec/advisory-db/pull/1378 Should enforce the `withdrawn = "YYYY-MM-DD"` pattern. Do we grab that from the last commit, or maybe the linter should check in the index that id assignments are intact?
When we do advisories, especially w/o a fix, e.g. unmaintained, we typically do a blurb around the "Possible alternatives" and many variations of it. This leads to a lot of logistics...
So macros can be unsound, e.g. cell-project - gathering ones we need to adjust from `functions = {}` in case we support macros in the future: https://github.com/rustsec/advisory-db/pull/1391 Currently we are...
**Two reasons** One is that the presentation layer is naively using the `date` field, which a reasonable person would expect to be when the advisory was published; however it is the...