logo

Rust crates reviews

Cryptographically verifiable, distributed dependency reviews

reviewer: git.sr.ht/~icefox

https://lib.rs/git.sr.ht/~icefox

$ cargo crev repo fetch url https://git.sr.ht/~icefox/crev-proofs
$ cargo crev id trust lr2ldir9XdBsKQkW3YGpRIO2pxhtSucdzf3M5ivfv4A

repo: https://git.sr.ht/~icefox/crev-proofs

crate version
rating
date
reviewer
thoroughness, understanding
positive
2019-11-16
git.sr.ht/~icefox
medium, medium

No unsafe, nothing malicious, life is good.

positive
2019-08-22
git.sr.ht/~icefox
medium, medium

Small platform-functionality wrapper, nothing exciting.

positive
2019-08-30
git.sr.ht/~icefox
medium, medium

Reads env vars and executes the program in them, or whatever program happens to be called rustc... but given that this thing's purpose is to probe rustc versions, that's kinda inevitable. Abuseable but certainly not malicious; it's made for build scripts and it's fine for this purpose.

strong
2019-08-21
git.sr.ht/~icefox
low, medium

Does nothing but shuffle #[cfg] statements; harmless.

positive
2019-08-23
git.sr.ht/~icefox
medium, medium

Basically pure computation with no unsafe or I/O.

positive
2019-09-19
git.sr.ht/~icefox
medium, medium

Tiny, safe, well-documented.

negative
2019-08-30
git.sr.ht/~icefox
medium, medium

Dangerous mutable state shenanigans that should never be necessary.

positive
2019-08-20
git.sr.ht/~icefox
medium, medium
positive
2019-08-20
git.sr.ht/~icefox
medium, medium

No obvious way to abuse it.

positive
2019-08-30
git.sr.ht/~icefox
low, medium

Pleasantly unsurprising. It's just math.

positive
2019-09-19
git.sr.ht/~icefox
medium, medium

Turns out the FNV algorithm is clever but trivial to implement, and this crate does nothing besides implement it.

positive
2019-08-20
git.sr.ht/~icefox
high, high

I wrote it, it's not network-facing, has no significant unsafe. So, yeah.

positive
2019-11-16
git.sr.ht/~icefox
medium, low

Just generates FFI for a system library.

negative
2019-08-30
git.sr.ht/~icefox
medium, medium

Apparently it's okay to silently give incorrect results; see https://github.com/thomcc/handy/pull/1

positive
2019-08-20
git.sr.ht/~icefox
low, medium
positive
2019-08-20
git.sr.ht/~icefox
low, medium
positive
2019-08-23
git.sr.ht/~icefox
medium, medium

Has some unsafe code in surprising places, for zero-copy casts. P. sure it's valid though.

positive
2019-08-30
git.sr.ht/~icefox
medium, medium

Just a compatibility shim re-exporting traits.

positive
2019-08-23
git.sr.ht/~icefox
medium, medium

Mostly just traits; unsafe can probably be removed, see https://github.com/rust-num/num-traits/issues/123

positive
2019-08-23
git.sr.ht/~icefox
medium, medium

Nothing but a re-export of num-traits 0.2

positive
2019-11-16
git.sr.ht/~icefox
high, high

Very minor version bump compared to previous version.

positive
2019-09-19
git.sr.ht/~icefox
high, high

I wrote this crate. Does absolutely no fancy stuff, no unsafe, no I/O.

positive
2019-08-30
git.sr.ht/~icefox
high, high

I'm the author and this crate is trivial.

negative
2019-08-30
git.sr.ht/~icefox
medium, medium

Gratiutous unsafe and global mutable state where there doesn't need to be any.

positive
2019-09-26
git.sr.ht/~icefox
low, medium

No unsafe, no real I/O, nothing weird in build stuff. Exactly what
you'd want from an image codec.

positive
2019-08-30
git.sr.ht/~icefox
medium, medium

There's still some transmute's that are unnecessary with Rust 1.32 but the code itself is fine.

neutral
2019-08-20
git.sr.ht/~icefox
medium, medium

Fine but uses some unnecessary transmute's, version 0.2.0 fixes this.

neutral
2019-08-20
git.sr.ht/~icefox
medium, medium

Uses a semi-unnecessary unsafe for speed, which I dislike, but is overall harmless.

positive
2019-08-30
git.sr.ht/~icefox
medium, medium

No unsafe in the library, no I/O, well documented and commented.

strong
2019-08-23
git.sr.ht/~icefox
medium, medium

The name is scary but it's nothing but shortcuts for unsafe code patterns you'd already use.

neutral
2019-08-20
git.sr.ht/~icefox
medium, medium

It can be told to execute arbitrary programs via env var, but does nothing malicious itself.

positive
2019-08-21
git.sr.ht/~icefox
medium, medium

Looks okay but I'd prefer to just avoid needing it.

positive
2019-09-26
git.sr.ht/~icefox
low, medium

LGTM. The only unsafe is for casting some slices of numbers
to bytes, which appears to be done safely.

strong
2019-08-20
git.sr.ht/~icefox
medium, medium
positive
2019-11-16
git.sr.ht/~icefox
medium, low

Not quite sure what it does but it doesn't do anything malicious.

positive
2019-08-21
git.sr.ht/~icefox
low, low

This is purely binary libraries and a build.rs option shim; the thing is whether you trust those binaries.

© bestia.dev 2021, MIT Licence, Version: 2021.1208.1729

Open source repository for this web app: https://github.com/bestia-dev/cargo_crev_web/