Tony Arcieri
Tony Arcieri
@tristanz on browsers that implement `` correctly, its use should result in the sandboxed content receiving a unique origin even if content is loaded from the same origin as the...
@tristanz in that case, use CSP to ensure that scripts from the untrusted source can't run (and host all your own scripts on a separate domain which is whitelisted by...
That's great unless you don't want to `allow-scripts`
Yeah, something like that, gated under a cargo feature. I'm not sure how that'd manifest at the API layer, but maybe you could make a trait for the actual RPM...
@drahnr `librpmbuild` is effectively the reference implementation, so if nothing else, it'd be useful to compare whether the two backends produce equivalent outputs, but also it's more fully featured if...
It's a missing feature: `p256` lacks support for wide reductions. `crypto-bigint` now contains a generic implementation of modular arithmetic which should make it somewhat straightforward to implement.
Aah, we normally run a `minimal-versions` check but it seems this was missed for `p521`. A fix would require a backport since `master` currently has the next prerelease versions, but...
Yes, it is a bit weird it's inconsistent. Alternatively we could add `ecdh` to the default features of the other crates. The only drawback is the added `hkdf` dependency.
Note that as we're working on prereleases we tend to disable these checks as they're not particularly compatible with things like `[patch.crates-io]` directives that pull in crates from `git`
It will definitely require some tuning as `cargo hack` is, in cases like this, incredible overkill and generating nearly 10,000 feature combinations (though it seems it is finding some valid...