On Thu, Jun 28, 2018 at 11:42 PM, Nathan Froyd <nfr...@mozilla.com> wrote:
> We have generally trusted people to use good judgement in what they
> use and how much review is required. Accordingly, I think you should
> request review from the people who would normally review your code,
> and if you have concerns about specific crates that are being
> vendored, you should call those crates out as needing especial review.
> If you or your reviewers think such reviews fall outside of your
> comfort zone/area of expertise/Rust capabilities, please flag myself
> or Ehsan, and we will work on finding people to help.
>

I know that enumerating badness is never a comprehensive solution; but
maybe there could be a wiki page we could point people to for things
that indicate something is doing something scary in Rust? This might
let us crowd-source these reviews in a safer manner.

For example, what would I look for in a crate to see if it was:
- Adjusting memory permissions
- Reading/writing to disk
- Performing unsafe C/C++ pointer stuff
- Performing network connections of any type
- Calling out to syscalls or other kernel functions (especially
  win32k.sys functions on Windows)
- (whatever else you can think of...)

-tom
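
An added example, not part of the original message and not Mozilla's review tooling: a first-pass triage script that flags lines in a vendored crate's `.rs` files under the categories listed above. The regex patterns, the function names and the sample source are assumptions constructed for illustration; a hit only tells a reviewer where to look, and an empty result is not evidence that a crate is safe.

```python
import re
from pathlib import Path

# Heuristic patterns (assumptions for this example, not an exhaustive or
# official list), keyed by the categories from the message above.
INDICATORS = {
    "memory permissions": r'\b(mprotect|VirtualProtect|VirtualAlloc|mmap)\b',
    "disk I/O": r'\bstd::fs\b|\bfs::|\bFile::(open|create)\b|\bOpenOptions\b',
    "unsafe / raw pointers": r'\bunsafe\b|\*(const|mut)\s|\btransmute\b',
    "network": r'\bstd::net\b|\b(TcpStream|TcpListener|UdpSocket)\b',
    "FFI / syscalls": r'\bextern\s+"|\blibc::|\bwinapi::|\bsyscall\b',
}
COMPILED = {cat: re.compile(rx) for cat, rx in INDICATORS.items()}

def scan_source(text):
    """Return (line_no, category) pairs for one Rust source file."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        # Drop a trailing // comment so prose mentioning "unsafe" is not flagged.
        code = line.split("//", 1)[0]
        for cat, rx in COMPILED.items():
            if rx.search(code):
                hits.append((no, cat))
    return hits

def scan_crate(root):
    """Walk a crate directory; map category -> list of 'path:line' hits."""
    out = {}
    for path in sorted(Path(root).rglob("*.rs")):
        text = path.read_text(encoding="utf-8", errors="replace")
        for no, cat in scan_source(text):
            out.setdefault(cat, []).append(f"{path}:{no}")
    return out

# Constructed sample input, not taken from any real crate.
SAMPLE = '''use std::fs::File;
use std::net::TcpStream;
// unsafe is mentioned only in this comment
extern "C" { fn getpid() -> i32; }
pub fn pid() -> i32 { unsafe { getpid() } }
pub fn add(a: i32, b: i32) -> i32 { a + b }
'''

if __name__ == "__main__":
    for no, cat in scan_source(SAMPLE):
        print(f"line {no}: {cat}")
```

Macros, build scripts (`build.rs` is covered by the `*.rs` walk, but generated code is not) and dependencies of the crate can all hide the same behaviour, so this narrows a manual review rather than replacing it.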