I'm in the process of writing my first Rust for Firefox, a standalone Windows service to be used for background updates. I've found a few good documents on how to handle the build technically, but I'm unclear on what process we use to review external crates. If there are general guidelines for external libraries in any language I'd appreciate pointers to that as well.
More specifically: * Already vendored crates Can I assume any crates we have already in mozilla-central are ok to use? Last year there was a thread that mentioned making a list of "sanctioned" crates, did that ever come about? * Updates I need winapi 0.3.5 for BITS support, currently third_party/rust/winapi is 0.3.4. There should be no problem updating it, but should I have this reviewed by the folks who originally vendored it into mozilla-central? * New crates I'd like to use the windows-service crate, which seems well written and has few dependencies, but the first 0.1.0 release was just a few weeks ago. I'd like to have that reviewed at least as carefully as my own code, particularly given how much unsafety there is, but where do I draw the line? For instance, it depends on "widestring", which is small and has been around for a while but isn't widely used, should I have that reviewed internally as well? Is popularity a reasonable measure? Thanks! -Adam Gashlin _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
