mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
gecko-dev/supply-chain/audits.toml

296 строки
9.5 KiB
TOML
Исходник Ответственный История

# cargo-vet audits file
[[audits.android_logger]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.11.0"
notes = "Small crate, wrapping Android log functionality, reviewed by janerik"
[[audits.android_system_properties]]
who = "Nicolas Silva <nical@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = "I wrote this crate, reviewed by jimb. It is mostly a Rust port of some C++ code we already ship."
[[audits.app_units]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.7.1"
notes = """
I'm pretty familiar with this crate. It provides a fixed-point numeric type.
The code is pretty straight-forward, there's no unsafe code at all.
"""
[[audits.arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.0 -> 1.1.1"
[[audits.atomic_refcell]]
who = "Bobby Holley <bholley@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.8"
notes = "I maintain this crate and have reviewed every line."
[[audits.bindgen]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.59.2"
notes = "I'm the primary author and maintainer of the crate."
[[audits.bit-set]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.2"
notes = "Another crate I own via contain-rs that is ancient and maintenance mode, no known issues."
[[audits.bit-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.6.3"
notes = "Another crate I own via contain-rs that is ancient and in maintenance mode but otherwise perfectly fine."
[[audits.build-parallel]]
who = "Jeff Muizelaar <jmuizelaar@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
[[audits.clap_lex]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.0 -> 0.2.2"
[[audits.cstr]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.2.10"
notes = """
I've reviewed the code of the crate thoroughly. It generates an unsafe block
which is statically guaranteed to be safe. Inputs to the macro have to be
static so there's no uncontrolled input whatsoever.
"""
[[audits.derive_arbitrary]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-run"
delta = "1.1.0 -> 1.1.1"
[[audits.dogear]]
who = "Sammy Khamis <skhamis@mozilla.com>"
criteria = "safe-to-deploy"
delta = "0.4.0 -> 0.5.0"
notes = "The repository for this crate belongs in the Mozilla org."
[[audits.getrandom]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.2.6 -> 0.2.7"
[[audits.glean]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "50.1.0"
notes = "Maintained by the Glean team at Mozilla"
[[audits.glean]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "50.1.2"
notes = "Maintained by the Glean team at Mozilla"
[[audits.glean-core]]
who = "Jan-Erik Rediger <jrediger@mozilla.com>"
criteria = "safe-to-deploy"
version = "50.1.0"
notes = "Maintained by the Glean team at Mozilla"
[[audits.glean-core]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "50.1.2"
notes = "Maintained by the Glean team at Mozilla"
[[audits.linked-hash-map]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.5.4"
notes = "I own this crate (I am contain-rs) and 0.5.4 passes miri. This code is very old and used by lots of people, so I'm pretty confident in it, even though it's in maintenance-mode and missing some nice-to-have APIs."
[[audits.log]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
version = "0.4.17"
[[audits.malloc_size_of_derive]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
notes = """
This was originally servo code which I put on crates.io some years ago but didn't
examine at the time, so I examined it now. I didn't perform a full logic review
but convinced myself that any generated code will be entirely safe to deploy.
"""
[[audits.matches]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.9"
notes = "This is a trivial crate."
[[audits.naga]]
who = "Dzmitry Malyshau <kvark@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.8.0"
notes = """
This crate, up through the indicated version, was written or reviewed
by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
Mozilla at the beginning of February 2022. This audit statement was
collected by Jim Blandy, a Mozilla employee, over email in July 2022:
Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
"""
[[audits.new_debug_unreachable]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.4"
notes = "This is a trivial crate."
[[audits.origin-trial-token]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = """
I'm the author of the crate. The only unsafe code is a view over a byte array
which is properly validated.
Cryptography shenanigans are delegated to the caller so there's no possible
unsoundness there.
"""
[[audits.precomputed-hash]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "0.1.1"
notes = "This is a trivial crate."
[[audits.rust_decimal]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.24.0 -> 1.25.0"
[[audits.semver]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.9 -> 1.0.10"
[[audits.thin-vec]]
who = "Aria Beingessner <a.beingessner@gmail.com>"
criteria = "safe-to-deploy"
version = "0.2.5"
notes = "I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is."
[[audits.tracy-rs]]
who = "Glenn Watson <git@intuitionlibrary.com>"
criteria = "safe-to-deploy"
version = "0.1.2"
[[audits.uluru]]
who = "Emilio Cobos Álvarez <emilio@crisal.io>"
criteria = "safe-to-deploy"
version = "3.0.0"
notes = """
I've reviewed multiple patches in this crate, including the initial
implementation back in the day. It has no unsafe code at all nowadays.
"""
[[audits.unicode-ident]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "1.0.0 -> 1.0.1"
[[audits.unicode-normalization]]
who = "Mike Hommey <mh+mozilla@glandium.org>"
criteria = "safe-to-deploy"
delta = "0.1.19 -> 0.1.20"
notes = "I am the author of most of these changes upstream, and prepared the release myself, at which point I looked at the other changes since 0.1.19."
[[audits.uniffi]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.19.3"
notes = "Maintained by the Glean and Application Services teams"
[[audits.uniffi_bindgen]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.19.3"
notes = "Maintained by the Glean and Application Services teams."
[[audits.uniffi_build]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.19.3"
notes = "Maintained by the Glean and Application Services teams."
[[audits.uniffi_macros]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "0.19.3"
notes = "Maintained by the Glean and Application Services teams."
[[audits.void]]
who = "Bobby Holley <bobbyholley@gmail.com>"
criteria = "safe-to-deploy"
version = "1.0.2"
notes = "Very small crate, just hosts the Void type for easier cross-crate interfacing."
[[audits.webdriver]]
who = "Henrik Skupin <mail@hskupin.info>"
criteria = "safe-to-deploy"
version = "0.46.0"
notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
[[audits.weedle2]]
who = "Travis Long <tlong@mozilla.com>"
criteria = "safe-to-deploy"
version = "3.0.0"
notes = "Maintained by the Glean and Application Services teams."
[[audits.wgpu-core]]
who = "Dzmitry Malyshau <kvark@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.12.0"
notes = """
This crate, up through the indicated version, was written or reviewed
by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
Mozilla at the beginning of February 2022. This audit statement was
collected by Jim Blandy, a Mozilla employee, over email in July 2022:
Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
"""
[[audits.wgpu-hal]]
who = "Dzmitry Malyshau <kvark@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.12.0"
notes = """
This crate, up through the indicated version, was written or reviewed
by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
Mozilla at the beginning of February 2022. This audit statement was
collected by Jim Blandy, a Mozilla employee, over email in July 2022:
Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
"""
[[audits.wgpu-types]]
who = "Dzmitry Malyshau <kvark@fastmail.com>"
criteria = "safe-to-deploy"
version = "0.12.0"
notes = """
This crate, up through the indicated version, was written or reviewed
by Dzmitry Malyshau while he was a Mozilla employee. Dzmitry left
Mozilla at the beginning of February 2022. This audit statement was
collected by Jim Blandy, a Mozilla employee, over email in July 2022:
Dzmitry was shown, and agreed to, the 'safe-to-deploy' text.
"""
Ссылка в новой задаче Показать git blame Копировать постоянную ссылку