** Summary changed: - Enable cargo-auditable support for several important Rust packages + [FFE] Enable cargo-auditable support for several important Rust packages
** Description changed: Hello, For the past cycle I have been working on patching in cargo-auditable support to dh-cargo. Cargo-auditable is a tool that embeds dependency metadata into Rust binaries.[1] This is invaluable in the aftermath of a CVE, as it lets you know at-a-glance if a binary may have been compromised. It's also great for curious users! For 26.04, cargo-auditable will be *opt-in.* Developers of Rust packages that build using dh-cargo can export `UBUNTU_ENABLE_CARGO_AUDITABLE=1` near the top of their d/rules, and including `Build-Depends: cargo- auditable` in d/control. + [1]: https://github.com/rust-secure-code/cargo-auditable + + ## FFE ## + This bug tracks the FFE to enable cargo-auditable for the following popular Rust packages: - rust-alacritty - rust-bat - rust-du-dust - rust-eza - rust-fd-find - rust-hyperfine - rust-ripgrep - rust-sd - rust-sudo-rs - [1]: https://github.com/rust-secure-code/cargo-auditable + This FFE is necessary because getting cargo-auditable support in is a + 26.04 roadmap item, and we want developers to have easy access to tools + to make their packages more secure. + + You can see the packages building here: + https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod- + test + + There is no upstream changelog, as this is an Ubuntu-only change. ** Summary changed: - [FFE] Enable cargo-auditable support for several important Rust packages + FFe: Enable cargo-auditable support for several important Rust packages ** Description changed: Hello, For the past cycle I have been working on patching in cargo-auditable support to dh-cargo. Cargo-auditable is a tool that embeds dependency metadata into Rust binaries.[1] This is invaluable in the aftermath of a CVE, as it lets you know at-a-glance if a binary may have been compromised. It's also great for curious users! For 26.04, cargo-auditable will be *opt-in.* Developers of Rust packages that build using dh-cargo can export `UBUNTU_ENABLE_CARGO_AUDITABLE=1` near the top of their d/rules, and including `Build-Depends: cargo- auditable` in d/control. [1]: https://github.com/rust-secure-code/cargo-auditable - ## FFE ## + ## FFe ## - This bug tracks the FFE to enable cargo-auditable for the following popular Rust packages: + This bug tracks the FFe to enable cargo-auditable for the following popular Rust packages: - rust-alacritty - rust-bat - rust-du-dust - rust-eza - rust-fd-find - rust-hyperfine - rust-ripgrep - rust-sd - rust-sudo-rs - This FFE is necessary because getting cargo-auditable support in is a + This FFe is necessary because getting cargo-auditable support in is a 26.04 roadmap item, and we want developers to have easy access to tools to make their packages more secure. You can see the packages building here: https://launchpad.net/~petrakat/+archive/ubuntu/cargo-auditable-prod- test There is no upstream changelog, as this is an Ubuntu-only change. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2145317 Title: FFe: Enable cargo-auditable support for several important Rust packages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+bug/2145317/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
