On Tue, Jan 30, 2024 at 06:03:56PM +1100, David Disseldorp wrote:
> cargo audit can be used to check bcachefs dependencies for
> vulnerabilities published in the advisory database at
> https://github.com/RustSec/advisory-db.git
> 
> Given the significant size of dependency sources (currently ~292M),
> manual audit is mostly unviable, so rely on this for now.

Not a good place for this, workflow-wise; I run make-release-tarball.sh
after the new release is tagged and frequently after the tag is
uploaded.

This would better be run as some sort of cron job that emails results to
the list when something is found.

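A cron-driven wrapper of the kind the reply suggests, added here as an example (it is not bcachefs-tools code); the checkout path, list address, state-file path and `mail` command are assumptions. It only mails when an advisory id appears that an earlier run has not already reported, so a long-lived unpatched advisory does not spam the list every day.

```shell
#!/bin/sh
# Cron wrapper for `cargo audit` on a bcachefs-tools checkout: mail the
# list only when a RUSTSEC id shows up that was not mailed by an earlier run.
# Assumed/placeholder: REPO, LIST, STATE and the `mail` command.
# Example crontab entry: 0 6 * * * /usr/local/bin/bcachefs-audit.sh run
set -u

REPO="${REPO:-/srv/bcachefs-tools}"                 # assumed checkout path
LIST="${LIST:-list@example.invalid}"                # placeholder address
STATE="${STATE:-$HOME/.cache/bcachefs-audit.seen}"  # ids already mailed

# Print every RUSTSEC id in a cargo-audit report, sorted and unique.
# Matching the id pattern rather than the report layout works for both
# the human-readable and the --json output, and covers warnings (e.g.
# unmaintained crates) as well as vulnerabilities.
report_ids() {
    grep -o 'RUSTSEC-[0-9]\{4\}-[0-9]\{4\}' "$1" | sort -u
}

# Print ids present in the report but absent from the state file.
# Returns 0 when there is something new to mail, 1 otherwise.
new_ids() {
    rep=$1; seen=$2
    [ -f "$seen" ] || : > "$seen"
    found=$(report_ids "$rep" | comm -23 - "$seen")
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Merge the report's ids into the (sorted) state file.
remember_ids() {
    report_ids "$1" | sort -u - "$2" -o "$2"
}

main() {
    cd "$REPO" || exit 1
    report=$(mktemp)
    # cargo audit exits non-zero when it finds something; that is the
    # expected case here, so inspect the report instead of the status.
    cargo audit > "$report" 2>&1 || true
    if fresh=$(new_ids "$report" "$STATE"); then
        { printf 'New RUSTSEC advisories for bcachefs-tools dependencies:\n%s\n\n' "$fresh"
          cat "$report"; } | mail -s "cargo audit: new advisories" "$LIST"
        remember_ids "$report" "$STATE"
    fi
    rm -f "$report"
}

if [ "${1:-}" = run ]; then main; fi
```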