Roman Zeyde
Roman Zeyde
IIUC, it is used by tiny_http: https://github.com/romanz/electrs/blob/e3ea3734721a177c0a44516ce16ddd1b5a91da68/Cargo.lock#L1154
It still doesn't work, since latest `tiny-http` doesn't pass `cargo audio` :disappointed: ``` $ git lg -1 * 9a2566c Richard Bradfield: (HEAD -> master, tag: 0.9.0, origin/master, origin/HEAD) Prepare for...
> Hmm, not a huge issue since we don't call `setenv`. We only need chrono for formatting logs, right? Agree - @tiny-http doesn't seem to be vulnerable (CC: @bradfier).
 for a new `chrono` release :)
> ... but you're correct, we only use `chrono` types in one place, where we use it to store a UTC date-time and then print it out in RFC 1123...
> Is there a way in the RUSTSEC database I can mark tiny-http as not vulnerable due to exactly how we use the library? Not sure, maybe it's possible to...
Maybe https://github.com/chronotope/chrono/issues/602#issuecomment-947688722 can help here...
IIUC, they provide continuous profiling-as-a-service: https://prodfiler.com/blog/introducing-prodfiler/ We can definitely use FOSS tools to reproduce those metrics :)
Consider using https://github.com/RCasatta/electrsd for launching `electrs` in tests.
Note that `getheaders` messages are ignored during IBD - unless the peer has `download` permission: ```c++ if (m_chainman.ActiveChainstate().IsInitialBlockDownload() && !pfrom.HasPermission(NetPermissionFlags::Download)) { LogPrint(BCLog::NET, "Ignoring getheaders from peer=%d because node is in...