Stream: t-compiler/wg-rls-2.0

Topic: cargo deny

std::Veetaha (Apr 29 2020 at 13:59, on Zulip):

Hey guys, has anyone ever used cargo-deny? As I see it, it is a superset of cargo-audit, isn't it (i.e. cargo-audit is no longer needed when we have cargo-deny)?

std::Veetaha (Apr 29 2020 at 15:22, on Zulip):

Tried cargo-deny and it is inherently awesome!

std::Veetaha (Apr 29 2020 at 15:37, on Zulip):

@matklad we should give it a go instead of cargo audit. It provides not only a vulnerability scan, but also a scan for duplicated dep versions, bad licences and very flexible user-friendly configuration. Embark guys are awesome :heart:

matklad (Apr 29 2020 at 15:39, on Zulip):

tbh, I am not entirely convinced that we need even cargo audit.

std::Veetaha (Apr 29 2020 at 15:42, on Zulip):

So now you don't care about vulnerabilities :smiling_devil:?

matklad (Apr 29 2020 at 15:45, on Zulip):

In Rust crates -- not really. I am generally on top of things here: I read our Cargo.lock pretty regularly, and I know what each dependency does and why it is there.

std::Veetaha (Apr 29 2020 at 16:06, on Zulip):

I am not sure you are better than cargo-deny, but whatever

