On Sat, Jun 30, 2018 at 9:35 AM, Lars Bergstrom <[email protected]>
wrote:

>
> On Fri, Jun 29, 2018 at 8:33 AM, Tom Ritter <[email protected]> wrote:
>
> >
> > I know that enumerating badness is never a comprehensive solution; but
> > maybe there could be a wiki page we could point people to for things that
> > indicate something is doing something scary in Rust?  This might let us
> > crowd-source these reviews in a safer manner. For example, what would I
> > look for in a crate to see if it was:
> >  - Adjusting memory permissions
> >  - Reading/writing to disk
> >  - Performing unsafe C/C++ pointer stuff
> >  - Performing network connections of any type
> >  - Calling out to syscalls or other kernel functions (especially
> > win32k.sys functions on Windows)
> >  - (whatever else you can think of...)
> >
>
> Building on that, is there a list of crates that should *never* be
> included in Firefox that you could scan for? Such as, anything that is not
> nss (openssl bindings) or necko (use of a different network stack that
> might not respect proxies, threading concerns, etc.)?


Is this a crate-specific issue? Suppose that someone decided to land
a new C++ networking stack, that would presumably also be bad but
should be caught in code review, no?

-Ekr

_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
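
A sketch of the kind of indicator scan asked about in the thread above, as an added example that is not part of the original messages: it flags lines of Rust source that match the categories listed there. The pattern table, function names and sample input are assumptions constructed for illustration; substring matching is a triage aid and will miss indirect use.

```rust
// Heuristic indicator table: category -> substrings to look for.
// The patterns are assumptions of this example, not a vetted list.
const INDICATORS: &[(&str, &[&str])] = &[
    ("memory-permissions", &["mprotect", "VirtualProtect", "mmap("]),
    ("disk-io", &["std::fs", "fs::File", "OpenOptions"]),
    ("unsafe-pointers", &["unsafe ", "extern \"C\"", "transmute", "*mut ", "*const "]),
    ("network", &["std::net", "TcpStream", "UdpSocket", "TcpListener"]),
    ("syscalls", &["libc::", "syscall(", "winapi::", "asm!"]),
];

// Constructed sample input, not taken from any real crate.
const SAMPLE: &str = r#"use std::fs::File;
// use std::net::TcpStream; (commented out, must not be reported)
fn poke(p: *mut u8) {
    unsafe { *p = 0; }
    let _ = unsafe { libc::mprotect(p as *mut _, 4096, 7) };
}
"#;

/// Drop `//` line comments so commented-out code does not raise findings.
/// (This also truncates a string literal containing `//`; fine for triage.)
fn strip_line_comment(line: &str) -> &str {
    match line.find("//") {
        Some(i) => &line[..i],
        None => line,
    }
}

/// Returns (line number, category, matched pattern) for every hit.
pub fn scan_source(src: &str) -> Vec<(usize, &'static str, &'static str)> {
    let mut findings = Vec::new();
    for (idx, raw) in src.lines().enumerate() {
        let code = strip_line_comment(raw);
        for (category, patterns) in INDICATORS {
            // Report at most one hit per category per line.
            if let Some(p) = patterns.iter().find(|p| code.contains(**p)) {
                findings.push((idx + 1, *category, *p));
            }
        }
    }
    findings
}

fn main() {
    for (line, category, pattern) in scan_source(SAMPLE) {
        println!("line {}: {} (matched {:?})", line, category, pattern);
    }
}
```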
