Package: cargo Version: 0.43.1-3 Severity: wishlist Hello fellow Rustaceans!
Because cargo has a direct dependency on OpenSSL, it seems logical that we should switch the priority of openssl and gnutls so Cargo, at least by default, isn't building against two different TLS implementations. This is especially important considering GnuTLS has had some painful security incidents recently: CVE-2020-13777 in particular. Should just require switching the order of the libcurl dep in d/control. Sincerely, -- System Information: Debian Release: bullseye/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 5.6.0-2-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages cargo depends on: ii binutils 2.34-8 ii gcc [c-compiler] 4:9.2.1-3.1 ii gcc-8 [c-compiler] 8.4.0-4 ii gcc-9 [c-compiler] 9.3.0-13 ii libc6 2.30-8 ii libcurl3-gnutls 7.68.0-1 ii libgcc-s1 10.1.0-1 ii libgit2-28 0.28.5+dfsg.1-1 ii libssh2-1 1.8.0-2.1 ii libssl1.1 1.1.1g-1 ii rustc 1.42.0+dfsg1-1 ii zlib1g 1:1.2.11.dfsg-2 cargo recommends no packages. Versions of packages cargo suggests: pn cargo-doc <none> ii python3 3.8.2-3 -- no debconf information
