# cargo-vet imports lock [audits.chromeos.criteria.crypto-safe] description = """ All crypto algorithms in this crate have been reviewed by a relevant expert. **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, which implies `crypto-safe`, but does not require expert review in order to audit for.""" [audits.chromeos.criteria.does-not-implement-crypto] description = """ Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own. Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be \"good enough\" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.""" [[audits.chromeos.audits.anyhow]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.0.68" [[audits.chromeos.audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.68 -> 1.0.70" [[audits.chromeos.audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.70 -> 1.0.71" [[audits.chromeos.audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.71 -> 1.0.72" [[audits.chromeos.audits.anyhow]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "1.0.72 -> 1.0.75" [[audits.chromeos.audits.bytemuck]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.13.1" [[audits.chromeos.audits.bytes]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "1.4.0" [[audits.chromeos.audits.getrandom]] who = "Android Legacy" criteria = "safe-to-run" version = "0.2.2" [[audits.chromeos.audits.hex]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.3" [[audits.chromeos.audits.libc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.2.146" notes = """ Much like the getrandom crate, this exports interfaces to APIs which perform crypto, but does not implement any crypto itself. """ [[audits.chromeos.audits.libc]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.146 -> 0.2.147" [[audits.chromeos.audits.libc]] who = "Daniel Verkamp " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.2.147 -> 0.2.153" [[audits.chromeos.audits.log]] who = "ChromeOS" criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.4.17" [[audits.chromeos.audits.log]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] delta = "0.4.17 -> 0.4.20" [[audits.chromeos.audits.rand_chacha]] who = "Android Legacy" criteria = "safe-to-run" version = "0.3.1" [[audits.chromeos.audits.rand_core]] who = "Android Legacy" criteria = "safe-to-run" version = "0.6.4" [[audits.chromeos.audits.rustc-demangle-capi]] who = "George Burgess IV " criteria = ["safe-to-run", "does-not-implement-crypto"] version = "0.1.0" [audits.fuchsia.criteria.ub-risk-0] description = """ No unsafe code. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0 """ [audits.fuchsia.criteria.ub-risk-1] description = """ Excellent soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1 """ [audits.fuchsia.criteria.ub-risk-2] description = """ Negligible unsoundness or average soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2 """ [audits.fuchsia.criteria.ub-risk-3] description = """ Mild unsoundness or suboptimal soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3 """ [audits.fuchsia.criteria.ub-risk-4] description = """ Extreme unsoundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4 """ [[audits.fuchsia.audits.getrandom]] who = "David Koloski " criteria = ["safe-to-deploy", "ub-risk-2"] delta = "0.2.2 -> 0.2.12" notes = "Audited at https://fxrev.dev/932979" [audits.google.criteria.crypto-safe] description = """ All crypto algorithms in this crate have been reviewed by a relevant expert. **Note**: If a crate does not implement crypto, use `does-not-implement-crypto`, which implies `crypto-safe`, but does not require expert review in order to audit for.""" [audits.google.criteria.does-not-implement-crypto] description = """ Inspection reveals that the crate in question does not attempt to implement any cryptographic algorithms on its own. Note that certification of this does not require an expert on all forms of cryptography: it's expected for crates we import to be \"good enough\" citizens, so they'll at least be forthcoming if they try to implement something cryptographic. When in doubt, please ask an expert.""" [audits.google.criteria.ub-risk-0] description = """ No unsafe code. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-0 """ [audits.google.criteria.ub-risk-1] description = """ Excellent soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-1 """ [audits.google.criteria.ub-risk-2] description = """ Negligible unsoundness or average soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-2 """ [audits.google.criteria.ub-risk-3] description = """ Mild unsoundness or suboptimal soundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-3 """ [audits.google.criteria.ub-risk-4] description = """ Extreme unsoundness. Full description of the audit criteria can be found at https://github.com/google/rust-crate-audits/blob/main/auditing_standards.md#ub-risk-4 """ [[audits.google.audits.bytemuck]] who = [ "Manish Goregaokar ", "Ɓukasz Anforowicz ", ] criteria = ["does-not-implement-crypto", "ub-risk-2"] version = "1.13.1" notes = "Reviewed in CL 561111794" [[audits.google.audits.log]] who = "Ben Saunders " criteria = ["does-not-implement-crypto", "ub-risk-1"] version = "0.4.20" notes = "Reviewed in CL 563853923"