Cryptographically verifiable, distributed dependency reviews
reviewer: KonradBorowski
$ cargo crev repo fetch url https://gitlab.com/KonradBorowski/crev-proofs
$ cargo crev id trust ZOm7om6WZyEf3SBmDC69BXs8sc1VPniYx7Nfz2Du6hM
repo: https://gitlab.com/KonradBorowski/crev-proofs
Internally uses migrations_internals and migrations_macros, the crate itself doesn't do much.
I'm the author of this crate
This is my crate
When programming for HermitCore, L4Re, UEFI or SGX on x86_64, this crate
will use rdrand as a source of randomness, which may have a backdoor.
This looks fine on other platforms, using built-in operating system
CSPRNG generation functions, assuming the operating system vendors didn't
screw up those functions - and if they did, you have a problem, whether
or not this crate is secure.
Functions whose name starts with align_first are unsound as they create
allocations whose alignment doesn't match the alignment of an allocation.
This can cause hard-to-debug issues when using an alignment-aware allocator.
Does exactly what it's supposed to. For new projects it may make sense to
use matches! macro from standard library (https://doc.rust-lang.org/std/macro.matches.html),
but it's fine to use dependencies that use matches crate.
There is no unsafe usage, there are some tests, probably correct. Correctness of cryptography was not checked.
crater has the following line in its code
median_three_quicksort = { skip-tests = true } # sorting library that sometimes doesn't sort (WTF)
I think that says enough. This crate doesn't work as it should - there
is probably some bug in an implementation.
Always causes UB, but that's exactly what this crate is supposed to do and it properly requires unsafe.
Doesn't support generic structs
Doesn't support generic structs and checks for core/std incorrectly, sometimes causing compilation errors when used in Edition 2015 code
Bindings generated by bindgen. Quality of actual PostgreSQL code wasn't verified as it's a huge codebase.
copy_over and prepend functions cause UB
copy_over and prepend functions cause UB
copy_over and prepend functions cause UB
Re-export of serde to work around crates being implicit features
All implementations are correct, trait requirements seem fine and usable
for crates like rental (unlike std::pin::Pin).
Constants to be used by other crate, the values seem correct. Worth noting that changing values in this crate will cause unsafety unless a new release gets made.
There is a ridiculous amount of unsafe. I have no idea how anything in this
crate works, and miri complains about out of bounds reads (after I change
the crate to use NonZeroUsize from standard library instead of janky
reference-based NonZeroUsize).
Unlike unicase 2 it doesn't use case folding, so 'ß' would be considered different to 'SS'
Does exactly what it should do, but it's based on Unicode 9.0, when at the time of the review the newest version was 12.1
Does exactly what it is meant to do. Probably useless outside of its
intended use-case.
© bestia.dev 2023, MIT License, Version: 2023.608.1636
Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/