GNU bug report logs - #53899
[PATCH 01/30] gnu: Add rust-platforms-2.

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 53899 in the body.
You can then email your comments to 53899 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: Guix Patches <guix-patches <at> gnu.org>
Subject: [PATCH 01/30] gnu: Add rust-platforms-2.
Date: Wed, 09 Feb 2022 16:01:20 +0000

[Message part 1 (text/plain, inline)]

Hi,

These patches add new cargo utility to audit the security of rust crates.

Maybe it could be integrated into the guix lint command to increase the auditing of rust ecosystem in GNU Guix.

However, I do see one downside as this would create coupling on rust which might be problematic e.g. on Aarch64 architecture and it would also increase the complexity and build time for guix package.

Nevertheless it can be used on it's own.

----
Petr

[Message part 2 (text/html, inline)]

[0001-gnu-Add-rust-platforms-2.patch (text/x-patch, attachment)]

[0002-gnu-Add-rust-humantime-serde-1.patch (text/x-patch, attachment)]

[0017-gnu-rust-error-chain-Update-to-0.12.4.patch (text/x-patch, attachment)]

[0003-gnu-Add-rust-fs-err-2.patch (text/x-patch, attachment)]

[0018-gnu-Add-rust-cargo-edit-0.8.patch (text/x-patch, attachment)]

[0006-gnu-Add-rust-gumpdrop-0.8.patch (text/x-patch, attachment)]

[0022-gnu-Add-rust-gumdrop-0.7.patch (text/x-patch, attachment)]

[0021-gnu-Add-rust-gumdrop-derive-0.7.patch (text/x-patch, attachment)]

[0007-gnu-Add-rust-cargo-lock-7.patch (text/x-patch, attachment)]

[0010-gnu-Add-rust-vec1-1.patch (text/x-patch, attachment)]

[0019-gnu-Add-rust-rustsec-0.25.patch (text/x-patch, attachment)]

[0026-gnu-Add-rust-abscissa-derive-0.5.patch (text/x-patch, attachment)]

[0009-gnu-Add-rust-ureq-1.patch (text/x-patch, attachment)]

[0005-gnu-Add-rust-gumdrop-derive-0.8.patch (text/x-patch, attachment)]

[0024-gnu-Add-rust-canonical-path-2.patch (text/x-patch, attachment)]

[0029-gnu-rust-tracing-subscriber-0.1-Add-inputs.patch (text/x-patch, attachment)]

[0016-gnu-rust-assert-fs-1-Update-to-1.0.5.patch (text/x-patch, attachment)]

[0014-gnu-Add-rust-smartstring-0.2.patch (text/x-patch, attachment)]

[0028-gnu-rust-tracing-log-0.1-Fix-cargo-inputs.patch (text/x-patch, attachment)]

[0023-gnu-Add-rust-generational-arena-0.2.patch (text/x-patch, attachment)]

[0004-gnu-Add-rust-cvss-1.patch (text/x-patch, attachment)]

[0020-gnu-Add-rust-secrecy-0.6.patch (text/x-patch, attachment)]

[0015-gnu-Add-rust-crates-index-0.17.patch (text/x-patch, attachment)]

[0025-gnu-Add-rust-color-backtrace-0.3.patch (text/x-patch, attachment)]

[0030-gnu-Add-rust-cargo-audit-0.16.patch (text/x-patch, attachment)]

[0013-gnu-Add-rust-env-proxy-0.4.patch (text/x-patch, attachment)]

[0012-gnu-Add-rust-subprocess-0.2.patch (text/x-patch, attachment)]

[0011-gnu-Add-rust-toml-edit-0.3.patch (text/x-patch, attachment)]

[0008-gnu-Add-rust-qstring-0.7.patch (text/x-patch, attachment)]

[0027-gnu-Add-rust-abscissa-core-0.5.patch (text/x-patch, attachment)]

Message #8 received at 53899 <at> debbugs.gnu.org (full text, mbox):

From: phodina <phodina <at> protonmail.com>
To: "mail <at> nicolasgoaziou.fr" <mail <at> nicolasgoaziou.fr>,
 "53899 <at> debbugs.gnu.org" <53899 <at> debbugs.gnu.org>
Subject: Cargo-audit
Date: Sun, 20 Feb 2022 12:55:40 +0000

[Message part 1 (text/plain, inline)]

Hi Nicolas,

thanks for merging the patch set.

Btw any remarks on integration of cargo-audit with guix lint? Good/bad idea (adding Rust as dependency) ...

Also can this issue now be closed?

----
Petr

[Message part 2 (text/html, inline)]

Message #11 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Goaziou <mail <at> nicolasgoaziou.fr>
To: phodina via Guix-patches via <guix-patches <at> gnu.org>
Cc: 53899-done <at> debbugs.gnu.org, phodina <phodina <at> protonmail.com>
Subject: Re: [bug#53899] [PATCH 01/30] gnu: Add rust-platforms-2.
Date: Tue, 22 Feb 2022 11:44:24 +0100

Hello,

phodina via Guix-patches via <guix-patches <at> gnu.org> writes:

> These patches add new cargo utility to audit the security of rust crates.
>
> Maybe it could be integrated into the guix lint command to increase the auditing of rust ecosystem in GNU Guix.
>
> However, I do see one downside as this would create coupling on rust
> which might be problematic e.g. on Aarch64 architecture and it would
> also increase the complexity and build time for guix package.
>
> Nevertheless it can be used on it's own.

I applied the whole set minus "gnu: rust-tracing-subscriber-0.1: Add
inputs", as I couldn't make sense out of it and it didn't seem necessary
anyway.

I slightly changed a couple of synopsis and descriptions, removing words
in the former and adding Texinfo markup to the latter.

Thanks!

Regards,
-- 
Nicolas Goaziou

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.