Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Reconsider criteria to align with GHSA #1813

Open
djc opened this issue Oct 31, 2023 · 1 comment
Open

Reconsider criteria to align with GHSA #1813

djc opened this issue Oct 31, 2023 · 1 comment

Comments

@djc
Copy link
Contributor

djc commented Oct 31, 2023

In #1808, it became clear that at least two separate people (one of which was me) got confused by the fact that a GHSA was issued for rustix without a RustSec advisory being published. The maintainer made a (convincing) argument that the issue didn't meet the RustSec criteria. IMO it's unfortunate if the RustSec advisory database is "incomplete" in that issues for which GHSAs were filed are not included.

Opening this issue to discuss what could be done about this.
@djc djc mentioned this issue Oct 31, 2023
Closed
@tarcieri
Copy link
Member

It's a tricky question. If something like rustsec/rustsec#656 were to ship, I'm curious how practical manual curation based on our current polices would actually be

cc @amousset

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tarcieri @djc