wg
Coordination repository for the Secure Code Working Group
Folks are using this, and it seems the maintainer @svartalf is MIA. There seems to be at least one fork already by @djmitche / GothenburgBitFactory: https://github.com/actions-rs/audit-check/pull/221#issuecomment-1193138925 https://github.com/GothenburgBitFactory/taskwarrior/issues/2830#issuecomment-1179835614 Here: https://github.com/GothenburgBitFactory/audit-check Addressing: https://github.com/actions-rs/audit-check/issues/223...
EDIT: After @tarcieri's comment I added "Deprecated" **I've been thinking of formal definitions** 1) Maintained (_currently exists as Unmaintained_) and 2) Deprecated (_currently does not exist_) As well as the...
I was wondering what else we could do as a WG to help crate maintainers keep their crates secure. This was in combination with some governance stuff I had...
**Why? - or - The Target Problem(s) Statement** 1. Knowing what the binary *was* compiled with (transitive dependencies) in the past is hard for both the maintainer as well as...
**Just a wild idea** Would there be any interest in a community _"hardened"_ or _"moderated"_ crates.io [registries] reflector source that essentially filters, automatically by community input, the crates that cargo sees as available...
Many widely used libraries use unsafe code where it's not strictly necessary. Typically this is done for performance reasons, i.e. there are currently no safe abstractions to achieve the goal...
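An added example (not code from the rust-secure-code/wg repository or from the issue author) of the pattern this issue describes: a "fast" inner loop that uses `get_unchecked` to skip bounds checks, next to a safe formulation that gives the optimizer the same information through the iterator chain. The function names and the sample slices are assumptions for illustration.

```rust
/// "Performance" version: the caller supplies `n` and the bounds checks are
/// skipped.  Nothing enforces `n <= a.len() && n <= b.len()`, so an off-by-one
/// in any caller turns this into an out-of-bounds read (undefined behaviour).
pub fn dot_unchecked(a: &[i64], b: &[i64], n: usize) -> i64 {
    let mut acc = 0;
    for i in 0..n {
        // SAFETY: only sound if n <= a.len() and n <= b.len(); this is the
        // caller's responsibility, which is exactly the problem.
        acc += unsafe { *a.get_unchecked(i) * *b.get_unchecked(i) };
    }
    acc
}

/// If unsafe is kept for some reason, the precondition belongs in the function
/// itself, not in a comment: the assert fails loudly instead of reading past
/// the end of the slice.
pub fn dot_asserted(a: &[i64], b: &[i64], n: usize) -> i64 {
    assert!(n <= a.len() && n <= b.len(), "n exceeds slice length");
    let mut acc = 0;
    for i in 0..n {
        // SAFETY: the assert above establishes i < a.len() and i < b.len().
        acc += unsafe { *a.get_unchecked(i) * *b.get_unchecked(i) };
    }
    acc
}

/// Safe version: `zip` bounds the loop by the shorter slice, so the compiler
/// can prove every index in range and emits no per-element bounds check.
/// Same result as the unchecked version, no unsafe block, no precondition.
pub fn dot_safe(a: &[i64], b: &[i64]) -> i64 {
    a.iter().zip(b).map(|(x, y)| x * y).sum()
}

fn main() {
    // Constructed sample input.
    let a = [1, 2, 3];
    let b = [4, 5, 6];
    println!("unchecked = {}", dot_unchecked(&a, &b, a.len()));
    println!("asserted  = {}", dot_asserted(&a, &b, a.len()));
    println!("safe      = {}", dot_safe(&a, &b));
}
```

The safe version is the one to reach for first: on a slice, `iter().zip()` and similar adapters already eliminate the bounds checks that `get_unchecked` was introduced to avoid, so the unsafe block buys nothing here except a latent memory-safety bug.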
# Description This is the list I managed to digest from the issues in our repository. But to be really honest, I feel like it is a bit messy somehow......
Reproducible builds would be useful for a number of different reasons: - Binary releases of Rust applications which can be independently verified for reproducibility - [Binary crates](https://github.com/rust-lang/cargo/issues/5654) - A community...
[clippy](https://github.com/rust-lang/rust-clippy) is a Rust linting tool designed to detect common Rust mistakes and provide helpful suggestions for how to improve code. A list of the lints it presently supports is...
We already have some excellent tooling for generating test cases for programs to make them blow up: - Parametric testing: [QuickCheck](https://github.com/BurntSushi/quickcheck) and [Proptest](https://github.com/altsysrq/proptest) - Fuzzing: [AFL](https://github.com/rust-fuzz/afl.rs), [libfuzzer](https://github.com/rust-fuzz/cargo-fuzz) and [honggfuzz](https://github.com/rust-fuzz/honggfuzz-rs) We...