gecko-dev/supply-chain/config.toml

919 строки
21 KiB
TOML

# cargo-vet config file
[cargo-vet]
version = "0.7"
[imports.bytecode-alliance]
url = "https://raw.githubusercontent.com/bytecodealliance/wasmtime/main/supply-chain/audits.toml"
[imports.embark-studios]
url = "https://raw.githubusercontent.com/EmbarkStudios/rust-ecosystem/main/audits.toml"
[imports.google]
url = "https://raw.githubusercontent.com/google/supply-chain/main/audits.toml"
[imports.isrg]
url = "https://raw.githubusercontent.com/divviup/libprio-rs/main/supply-chain/audits.toml"
[imports.mozilla]
url = "https://raw.githubusercontent.com/mozilla/supply-chain/main/audits.toml"
[policy.autocfg]
audit-as-crates-io = true
notes = "This is the upstream code plus a few local fixes, see bug 1685697."
[policy.chardetng]
audit-as-crates-io = true
notes = "This is a crate Henri wrote which is also published. We should probably update Firefox to tip and certify that."
[policy.chardetng_c]
audit-as-crates-io = true
notes = "This is a crate Henri wrote which is also published. We should probably update Firefox to tip and certify that."
[policy.coremidi]
audit-as-crates-io = true
notes = "This is a pinned version of the upstream code, presumably to get a fix that hadn't been released yet. We should consider switching to the latest official release."
[policy.cssparser]
audit-as-crates-io = true
notes = "Upstream code plus nesting changes that haven't been published yet authored by us"
[policy.cssparser-macros]
audit-as-crates-io = true
notes = "Needed because this crate lives along cssparser"
[policy.d3d12]
audit-as-crates-io = true
notes = "Unpublished wgpu revisions point to unpublished d3d12 revisions."
[policy.firefox-on-glean]
audit-as-crates-io = false
notes = "The crates.io version of this is just a placeholder to allow public crates to depend on firefox-on-glean."
[policy.geckodriver]
audit-as-crates-io = false
criteria = "safe-to-run"
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here. It's also used only for automation, so its subtree can be safe-to-run."
[policy.gkrust-gtest]
criteria = "safe-to-run"
notes = "Used for testing."
[policy.gkrust-shared]
dependency-criteria = { tokio-reactor = [], tokio-threadpool = [] }
notes = "The dependencies on tokio-reactor and tokio-threadpools are just a hack to pin the version used by audioipc-{client,server}. Suppress vetting on those for the same reasons behind the policy entries."
[policy.gluesmith]
criteria = "safe-to-run"
notes = "Used for fuzzing."
[policy.http3server]
criteria = "safe-to-run"
notes = "Used for testing."
[policy.l10nregistry]
dependency-criteria = { fluent-testing = "safe-to-run", tokio = "safe-to-run" }
notes = "This crate has two testing-only dependencies which are specified as regular-but-optional rather than a dev-dependencies, because they need to be available to both benchmarks and integration tests."
[policy.libudev-sys]
audit-as-crates-io = false
notes = "This override is an api-compatible fork with an orthogonal implementation."
[policy.marionette]
audit-as-crates-io = false
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
[policy.midir]
audit-as-crates-io = true
notes = "This is a pinned version of the upstream code, presumably to get a fix that hadn't been released yet. We should consider switching to the latest official release."
[policy."mio:0.6.23"]
audit-as-crates-io = true
notes = "Version 0.6.23 is a local fork of upstream which just twiddles some dependencies."
[policy.mozbuild]
audit-as-crates-io = false
notes = "The crates.io version of this is just a placeholder to allow public crates to depend on mozbuild."
[policy.mozdevice]
audit-as-crates-io = false
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
[policy.mozglue-static]
dependency-criteria = { rustc_version = "safe-to-run" }
notes = "The rustc_version dependency is only used in the build script, and does not generate any runtime code"
[policy.mozprofile]
audit-as-crates-io = false
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
[policy.mozrunner]
audit-as-crates-io = false
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
[policy.mozversion]
audit-as-crates-io = false
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
[policy.mp4parse]
audit-as-crates-io = false
[policy.mp4parse_capi]
audit-as-crates-io = false
[policy.naga]
audit-as-crates-io = true
notes = "wgpu-core pins this crate."
[policy.packed_simd_2]
audit-as-crates-io = true
notes = "Based on upstream, see bug 1719674."
[policy.peek-poke]
audit-as-crates-io = false
[policy.peek-poke-derive]
audit-as-crates-io = false
[policy.pulse]
audit-as-crates-io = false
notes = "This is a first-party crate which is entirely unrelated to the crates.io package of the same name."
[policy.qcms]
audit-as-crates-io = true
notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
[policy.rure]
audit-as-crates-io = true
notes = "Identical to upstream, but with cdylib and staticlib targets disabled to avoid unnecessary build artifacts and linker errors."
[policy.selectors]
audit-as-crates-io = true
notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
[policy.servo_arc]
audit-as-crates-io = true
notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
[policy.smoosh]
criteria = "safe-to-run"
notes = "We're not shipping this and have no plans to ship it."
[policy.storage]
audit-as-crates-io = false
notes = "This is a first-party crate which is entirely unrelated to the crates.io package of the same name."
[policy.tabs]
audit-as-crates-io = false
notes = "This is a first-party crate, maintained by the appservices team, which is entirely unrelated to the crates.io package of the same name."
[policy.viaduct]
audit-as-crates-io = false
notes = "This is a first-party crate, maintained by the appservices team, which is entirely unrelated to the crates.io package of the same name."
[policy.warp]
audit-as-crates-io = true
notes = "This is a third-party crate, with an extra patch."
[policy.webdriver]
audit-as-crates-io = false
criteria = "safe-to-run"
notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here. It's also used only for automation, so its subtree can be safe-to-run."
[policy.webrender]
audit-as-crates-io = false
[policy.webrender_api]
audit-as-crates-io = false
[policy.webrender_build]
audit-as-crates-io = false
[policy.wgpu-core]
audit-as-crates-io = true
notes = "Upstream project which we pin."
[policy.wgpu-hal]
audit-as-crates-io = true
notes = "Upstream project which we pin."
[policy.wgpu-types]
audit-as-crates-io = true
notes = "Upstream project which we pin."
[policy.wr_malloc_size_of]
audit-as-crates-io = false
[[exemptions.adler]]
version = "1.0.2"
criteria = "safe-to-deploy"
[[exemptions.ahash]]
version = "0.7.6"
criteria = "safe-to-deploy"
[[exemptions.alsa]]
version = "0.4.3"
criteria = "safe-to-deploy"
[[exemptions.alsa-sys]]
version = "0.3.1"
criteria = "safe-to-deploy"
[[exemptions.android_log-sys]]
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.askama_derive]]
version = "0.11.2"
criteria = "safe-to-deploy"
[[exemptions.askama_escape]]
version = "0.10.3"
criteria = "safe-to-deploy"
[[exemptions.askama_shared]]
version = "0.12.2"
criteria = "safe-to-deploy"
[[exemptions.async-task]]
version = "4.0.3"
criteria = "safe-to-deploy"
[[exemptions.bincode]]
version = "1.3.3"
criteria = "safe-to-deploy"
[[exemptions.bitflags]]
version = "1.3.2"
criteria = "safe-to-deploy"
[[exemptions.bitreader]]
version = "0.3.6"
criteria = "safe-to-deploy"
[[exemptions.block]]
version = "0.1.6"
criteria = "safe-to-deploy"
[[exemptions.cache-padded]]
version = "1.2.0"
criteria = "safe-to-deploy"
[[exemptions.camino]]
version = "1.0.9"
criteria = "safe-to-deploy"
[[exemptions.chrono]]
version = "0.4.19"
criteria = "safe-to-deploy"
[[exemptions.chunky-vec]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.clang-sys]]
version = "1.3.3"
criteria = "safe-to-deploy"
[[exemptions.clap]]
version = "3.1.18"
criteria = "safe-to-deploy"
[[exemptions.clap_derive]]
version = "3.1.18"
criteria = "safe-to-deploy"
[[exemptions.clap_lex]]
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.cookie]]
version = "0.16.0"
criteria = "safe-to-run"
[[exemptions.coreaudio-sys]]
version = "0.2.10"
criteria = "safe-to-deploy"
[[exemptions.coremidi]]
version = "0.6.0@git:fc68464b5445caf111e41f643a2e69ccce0b4f83"
criteria = "safe-to-deploy"
[[exemptions.coremidi-sys]]
version = "3.1.0"
criteria = "safe-to-deploy"
[[exemptions.cose]]
version = "0.1.4"
criteria = "safe-to-deploy"
[[exemptions.cose-c]]
version = "0.1.5"
criteria = "safe-to-deploy"
[[exemptions.cpufeatures]]
version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.crc32fast]]
version = "1.3.2"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-channel]]
version = "0.5.4"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-deque]]
version = "0.8.1"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-epoch]]
version = "0.9.8"
criteria = "safe-to-deploy"
[[exemptions.crossbeam-utils]]
version = "0.8.8"
criteria = "safe-to-deploy"
[[exemptions.d3d12]]
version = "0.4.1"
criteria = "safe-to-deploy"
[[exemptions.darling]]
version = "0.13.4"
criteria = "safe-to-deploy"
[[exemptions.darling_core]]
version = "0.13.4"
criteria = "safe-to-deploy"
[[exemptions.darling_macro]]
version = "0.13.4"
criteria = "safe-to-deploy"
[[exemptions.dashmap]]
version = "4.0.2"
criteria = "safe-to-deploy"
[[exemptions.data-encoding]]
version = "2.3.2"
criteria = "safe-to-deploy"
[[exemptions.dbus]]
version = "0.6.5"
criteria = "safe-to-deploy"
[[exemptions.derive_more]]
version = "0.99.17"
criteria = "safe-to-deploy"
[[exemptions.devd-rs]]
version = "0.3.4"
criteria = "safe-to-deploy"
[[exemptions.digest]]
version = "0.10.3"
criteria = "safe-to-deploy"
[[exemptions.dirs]]
version = "4.0.0"
criteria = "safe-to-deploy"
[[exemptions.dirs-sys]]
version = "0.3.7"
criteria = "safe-to-deploy"
[[exemptions.dns-parser]]
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.enumset]]
version = "1.0.11"
criteria = "safe-to-deploy"
[[exemptions.enumset_derive]]
version = "0.6.0"
criteria = "safe-to-deploy"
[[exemptions.env_logger]]
version = "0.9.0"
criteria = "safe-to-deploy"
[[exemptions.error-chain]]
version = "0.12.4"
criteria = "safe-to-deploy"
[[exemptions.fallible-iterator]]
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.fallible-streaming-iterator]]
version = "0.1.9"
criteria = "safe-to-deploy"
[[exemptions.fallible_collections]]
version = "0.4.4"
criteria = "safe-to-deploy"
[[exemptions.ffi-support]]
version = "0.4.4"
criteria = "safe-to-deploy"
[[exemptions.float-cmp]]
version = "0.6.0"
criteria = "safe-to-deploy"
[[exemptions.fs-err]]
version = "2.7.0"
criteria = "safe-to-deploy"
[[exemptions.fuchsia-zircon]]
version = "0.3.3"
criteria = "safe-to-run"
[[exemptions.fuchsia-zircon-sys]]
version = "0.3.3"
criteria = "safe-to-run"
[[exemptions.futures]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-macro]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-task]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.futures-util]]
version = "0.3.21"
criteria = "safe-to-deploy"
[[exemptions.generic-array]]
version = "0.14.5"
criteria = "safe-to-deploy"
[[exemptions.getrandom]]
version = "0.2.6"
criteria = "safe-to-deploy"
[[exemptions.gl_generator]]
version = "0.14.0"
criteria = "safe-to-deploy"
[[exemptions.glsl]]
version = "6.0.1"
criteria = "safe-to-deploy"
[[exemptions.goblin]]
version = "0.1.3"
criteria = "safe-to-deploy"
[[exemptions.gpu-alloc]]
version = "0.5.3"
criteria = "safe-to-deploy"
[[exemptions.gpu-alloc-types]]
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.gpu-descriptor]]
version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.gpu-descriptor-types]]
version = "0.1.1"
criteria = "safe-to-deploy"
[[exemptions.hashlink]]
version = "0.7.0"
criteria = "safe-to-deploy"
[[exemptions.hermit-abi]]
version = "0.1.19"
criteria = "safe-to-deploy"
[[exemptions.hexf-parse]]
version = "0.2.1"
criteria = "safe-to-deploy"
[[exemptions.ident_case]]
version = "1.0.1"
criteria = "safe-to-deploy"
[[exemptions.instant]]
version = "0.1.12"
criteria = "safe-to-deploy"
[[exemptions.ioctl-sys]]
version = "0.7.1"
criteria = "safe-to-deploy"
[[exemptions.itertools]]
version = "0.10.3"
criteria = "safe-to-deploy"
[[exemptions.khronos-egl]]
version = "4.1.0"
criteria = "safe-to-deploy"
[[exemptions.khronos_api]]
version = "3.1.0"
criteria = "safe-to-deploy"
[[exemptions.lazycell]]
version = "1.3.0"
criteria = "safe-to-deploy"
[[exemptions.libdbus-sys]]
version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.libloading]]
version = "0.7.3"
criteria = "safe-to-deploy"
[[exemptions.libsqlite3-sys]]
version = "0.25.2"
criteria = "safe-to-deploy"
suggest = false
notes = "The in-gecko feature that we enable makes only pre-built bindings used, and none of the embedded C code is built. The build script was audited and is not doing anything besides exposing those bindings"
[[exemptions.libudev]]
version = "0.2.0"
criteria = "safe-to-deploy"
[[exemptions.line-wrap]]
version = "0.1.1"
criteria = "safe-to-run"
[[exemptions.lmdb-rkv-sys]]
version = "0.11.2"
criteria = "safe-to-deploy"
suggest = false
notes = "This crate is forked from another crate and not developed in-house. Given that LMDB-backed RKV is going away, we will probably never bother auditing this"
[[exemptions.mach]]
version = "0.3.2"
criteria = "safe-to-deploy"
[[exemptions.memalloc]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.memmap2]]
version = "0.5.4"
criteria = "safe-to-deploy"
[[exemptions.memoffset]]
version = "0.6.5"
criteria = "safe-to-deploy"
[[exemptions.metal]]
version = "0.23.1"
criteria = "safe-to-deploy"
[[exemptions.midir]]
version = "0.7.0"
criteria = "safe-to-deploy"
[[exemptions.mime_guess]]
version = "2.0.4"
criteria = "safe-to-deploy"
[[exemptions.minimal-lexical]]
version = "0.2.1"
criteria = "safe-to-deploy"
[[exemptions.miniz_oxide]]
version = "0.5.3"
criteria = "safe-to-deploy"
[[exemptions.mio]]
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.mio-extras]]
version = "2.0.6"
criteria = "safe-to-run"
[[exemptions.miow]]
version = "0.3.7"
criteria = "safe-to-deploy"
[[exemptions.murmurhash3]]
version = "0.0.5"
criteria = "safe-to-deploy"
[[exemptions.net2]]
version = "0.2.37"
criteria = "safe-to-run"
[[exemptions.nix]]
version = "0.15.0"
criteria = "safe-to-deploy"
[[exemptions.nom]]
version = "7.1.1"
criteria = "safe-to-deploy"
[[exemptions.ntapi]]
version = "0.3.7"
criteria = "safe-to-deploy"
[[exemptions.objc]]
version = "0.2.7"
criteria = "safe-to-deploy"
[[exemptions.objc_exception]]
version = "0.1.2"
criteria = "safe-to-deploy"
[[exemptions.object]]
version = "0.28.4"
criteria = "safe-to-deploy"
[[exemptions.once_cell]]
version = "1.12.0"
criteria = "safe-to-deploy"
[[exemptions.os_str_bytes]]
version = "6.1.0"
criteria = "safe-to-deploy"
[[exemptions.oslog]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.owning_ref]]
version = "0.4.1"
criteria = "safe-to-deploy"
[[exemptions.packed_simd_2]]
version = "0.3.7"
criteria = "safe-to-deploy"
[[exemptions.phf]]
version = "0.10.1"
criteria = "safe-to-deploy"
[[exemptions.phf_codegen]]
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.phf_generator]]
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.phf_macros]]
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.phf_shared]]
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.pin-project-lite]]
version = "0.2.9"
criteria = "safe-to-deploy"
[[exemptions.plain]]
version = "0.2.3"
criteria = "safe-to-deploy"
[[exemptions.plist]]
version = "1.3.1"
criteria = "safe-to-run"
[[exemptions.ppv-lite86]]
version = "0.2.16"
criteria = "safe-to-deploy"
[[exemptions.proc-macro-error]]
version = "1.0.4"
criteria = "safe-to-deploy"
[[exemptions.profiling]]
version = "1.0.6"
criteria = "safe-to-deploy"
[[exemptions.prost]]
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.prost-derive]]
version = "0.8.0"
criteria = "safe-to-deploy"
[[exemptions.qlog]]
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.quick-error]]
version = "1.2.3"
criteria = "safe-to-deploy"
[[exemptions.rand]]
version = "0.8.5"
criteria = "safe-to-deploy"
[[exemptions.rand_chacha]]
version = "0.3.1"
criteria = "safe-to-deploy"
[[exemptions.rand_core]]
version = "0.6.3"
criteria = "safe-to-deploy"
[[exemptions.redox_syscall]]
version = "0.2.13"
criteria = "safe-to-deploy"
[[exemptions.remove_dir_all]]
version = "0.5.3"
criteria = "safe-to-deploy"
[[exemptions.replace_with]]
version = "0.1.7"
criteria = "safe-to-deploy"
[[exemptions.ringbuf]]
version = "0.2.8"
criteria = "safe-to-deploy"
[[exemptions.ron]]
version = "0.7.0"
criteria = "safe-to-deploy"
[[exemptions.runloop]]
version = "0.1.0"
criteria = "safe-to-deploy"
[[exemptions.rusqlite]]
version = "0.27.0"
criteria = "safe-to-deploy"
[[exemptions.rust-ini]]
version = "0.10.3"
criteria = "safe-to-deploy"
[[exemptions.rust_decimal]]
version = "1.24.0"
criteria = "safe-to-deploy"
[[exemptions.scroll]]
version = "0.10.2"
criteria = "safe-to-deploy"
[[exemptions.scroll_derive]]
version = "0.10.5"
criteria = "safe-to-deploy"
[[exemptions.self_cell]]
version = "0.10.2"
criteria = "safe-to-deploy"
[[exemptions.serde_with]]
version = "1.14.0"
criteria = "safe-to-deploy"
[[exemptions.serde_with_macros]]
version = "1.5.2"
criteria = "safe-to-deploy"
[[exemptions.sfv]]
version = "0.9.2"
criteria = "safe-to-deploy"
[[exemptions.sha1]]
version = "0.10.0"
criteria = "safe-to-run"
[[exemptions.sha2]]
version = "0.10.2"
criteria = "safe-to-deploy"
[[exemptions.shlex]]
version = "1.1.0"
criteria = "safe-to-deploy"
[[exemptions.signal-hook-registry]]
version = "1.4.1"
criteria = "safe-to-run"
[[exemptions.siphasher]]
version = "0.3.10"
criteria = "safe-to-deploy"
[[exemptions.socket2]]
version = "0.4.4"
criteria = "safe-to-deploy"
[[exemptions.spirv]]
version = "0.2.0+1.5.4"
criteria = "safe-to-deploy"
[[exemptions.stable_deref_trait]]
version = "1.2.0"
criteria = "safe-to-deploy"
[[exemptions.static_assertions]]
version = "1.1.0"
criteria = "safe-to-deploy"
[[exemptions.strsim]]
version = "0.10.0"
criteria = "safe-to-deploy"
[[exemptions.tempfile]]
version = "3.3.0"
criteria = "safe-to-deploy"
[[exemptions.terminal_size]]
version = "0.1.17"
criteria = "safe-to-deploy"
[[exemptions.textwrap]]
version = "0.15.0"
criteria = "safe-to-deploy"
[[exemptions.time]]
version = "0.1.44"
criteria = "safe-to-deploy"
[[exemptions.time]]
version = "0.3.9"
criteria = "safe-to-run"
[[exemptions.time-macros]]
version = "0.2.4"
criteria = "safe-to-run"
[[exemptions.tokio]]
version = "1.17.0"
criteria = "safe-to-run"
[[exemptions.triple_buffer]]
version = "5.0.6"
criteria = "safe-to-deploy"
[[exemptions.type-map]]
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.typenum]]
version = "1.15.0"
criteria = "safe-to-deploy"
[[exemptions.unix_path]]
version = "1.0.1"
criteria = "safe-to-run"
[[exemptions.unix_str]]
version = "1.0.0"
criteria = "safe-to-run"
[[exemptions.url]]
version = "2.1.0"
criteria = "safe-to-deploy"
[[exemptions.uuid]]
version = "0.8.2"
criteria = "safe-to-deploy"
[[exemptions.webrtc-sdp]]
version = "0.3.9"
criteria = "safe-to-deploy"
[[exemptions.winapi]]
version = "0.3.9"
criteria = "safe-to-deploy"
[[exemptions.winapi-i686-pc-windows-gnu]]
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.winapi-x86_64-pc-windows-gnu]]
version = "0.4.0"
criteria = "safe-to-deploy"
[[exemptions.wio]]
version = "0.2.2"
criteria = "safe-to-deploy"
[[exemptions.xml-rs]]
version = "0.8.4"
criteria = "safe-to-deploy"
[[exemptions.yaml-rust]]
version = "0.4.5"
criteria = "safe-to-run"
[[exemptions.zip]]
version = "0.6.2"
criteria = "safe-to-run"