On Tue, Jan 17, 2023 at 6:08 PM Randy MacLeod <randy.macl...@windriver.com> wrote:
> <snip> > > The Rust developers / community seems to want their software to work in a > similar way. > They have a quite exhaustive test suite (Crater) to check for regressions. > I'll look for some actual test results from Crater and reply here when I > find them. > There is a Crater <https://github.com/rust-lang/crater> chapter in the Rust docs <https://rustc-dev-guide.rust-lang.org/tests/crater.html> I haven't found any test runs/results in their GitHub actions yet... There is rust-toolstate <https://github.com/rust-lang-nursery/rust-toolstate>, but it only shows the status per commit, not the test case results. Ah, perhaps these are the Crater tests? https://github.com/rust-lang-ci/rust/actions <https://github.com/rust-lang-ci/rust/actions> > I not sure what to make of the "Rust Editions" and how they'd fit into our > distro support > but the clear mandate from upstream is that only the 'stable' release is > supported. > > https://doc.rust-lang.org/edition-guide/editions/index.html > > I think there's an argument to be made that until Rust releases 2.x, we > just update > to the latest version. If you haven't please read: > > > https://internals.rust-lang.org/t/cargo-cve-2022-46176-fix-for-older-releases/18152/3?u=sundeep-kokkonda > Fedora's Josh Stone mentioned that they keep the latest rust <https://src.fedoraproject.org/rpms/rust> packaged for all supported Fedora releases: https://packages.fedoraproject.org/pkgs/rust/rust/ Debian is on 1.64 even for experimental <https://salsa.debian.org/rust-team/rust>. Stable releases are on _much_ older versions <https://tracker.debian.org/pkg/rustc>. Ubuntu <https://launchpad.net/ubuntu/+source/rustc> is on 1.65. It will be interesting to see what the distros do to handle this situation. <snip> > > Sundeep, > > Please also try to backporting the fixes to say Cargo/Rust for kirkstone. > This CVE resulted in ~10 patches so it's hopefully one > of the more complicated back ports and will prove to be a good test case. > > The patch series for CVE-2022-46176 <https://github.com/rust-lang/wg-security-response/tree/main/patches/CVE-2022-46176> > ../Randy > > <snip> > > -- > # Randy MacLeod > # Wind River Linux > > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#176702): https://lists.openembedded.org/g/openembedded-core/message/176702 Mute This Topic: https://lists.openembedded.org/mt/96218038/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-