Cryptographically verifiable, distributed dependency reviews
reviewer: fishi0x01
$ cargo crev repo fetch url https://github.com/fishi0x01/crev-proofs
$ cargo crev id trust 2Mp4nBzxaFzW1uF_dKCdBtmZLR8eLpIoqCW_TgBhAVc
repo: https://github.com/fishi0x01/crev-proofs
I am the maintainer of libdb. libdb is an idiomatic Rust wrapper for Berkeley DB.
It uses unsafe FFI methods from libdb-sys.
The underlying code was forked from Jesse Morgan, who allowed me to modify it and publish it to crates.io.
I do not fully understand every aspect of Jesse Morgan's original code and I mainly added new features.
That is why I can only rate this with a medium understanding value.
As this crate is an idiomatic wrapper by design, it contains a lot of unsafe calls to external FFI methods.
However, as I also maintain and trust libdb-sys, I can give this crate an overall positive rating.
I am the maintainer of libdb-sys. This crate is a classic FFI wrapper around Berkeley DB.
This means that, by design, this code contains a lot of unsafe external FFI calls.
This crate uses static linking, i.e., the Berkeley DB code is included and built together with this crate.
I did not review nor understand the underlying Berkeley DB code itself, which is why I cannot give this review a satisfactory thoroughness or understanding value.
However, the Berkeley DB code was retrieved from official sources (Oracle and official libdb repos from rpm).
This is why I trust this crate and give it an overall positive rating.
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/
I am the maintainer of docker_extract. docker_extract is a rather simple crate which heavily relies on the safety of the tar crate dependency.
It looks to me like the tar crate is very conscious about security.
By design, they do not allow '..' sequences in paths in order to avoid path traversal issues.
I do not consider myself an expert on source code auditing, so I give this review only a medium understanding.