During the MIR team meeting we discussed if this package actually needed a security review or not, and we decided to just give it a quick skim for a "gut check", rather than the full process.
It has the sort of very intricate C-string handling code that makes you wish it were written in Rust. But, it looks careful, and about the only thing I can think that would improve it is to change the memory allocation in routines such as get_vm_counters() and read_cmdlines() so that buffers aren't allocated, potentially grown, and discarded over and over again. (But maybe that's just my familiarity with Rust's easy and safe ability to re-use memory speaking.)

Let's skip a more detailed look. Security team ACK to promote iotop-c to main.

Thanks

--
https://bugs.launchpad.net/bugs/2137520
Title: [MIR] iotop-c
