Stream: wg-secure-code

Topic: RustSec call graph analysis

Tony Arcieri (Jul 23 2019 at 23:52, on Zulip):

Given the recent RUSTSEC-2019-0011 shenanigans, I opened an issue about a potential integration between cargo-audit and Siderophile:

Tony Arcieri (Jul 23 2019 at 23:52, on Zulip):

/me and @Alex Gaynor are on a slack with several of their employees including their CEO, so this seems like something we might be able to pull off :wink:

Tony Arcieri (Jul 23 2019 at 23:53, on Zulip):

cc @Shnatsel since I think you recently mentioned Siderophile

Tony Arcieri (Jul 24 2019 at 00:04, on Zulip):

also opened an issue on their repo

Shnatsel (Jul 24 2019 at 12:02, on Zulip):

It sounds like splitting call graph analysis into a separate crate is the way to go. Many other things could benefit from it, such as rustsec and cargo-geiger

