Unsoundness notice for gix-attributes (kstring integration) #2027
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
gix-attributes was found by @ssbr to be unsound, as reported in GitoxideLabs/gitoxide#1460. This adds an informational notice for that, as discussed in comments there. It looks like the affected code, having been introduced in GitoxideLabs/gitoxide#400, was present in all versions of the crate prior to the fix in 0.22.3 (which was one of the bugs fixed in GitoxideLabs/gitoxide#1462). Co-authored-by: Devin Jeanpierre <[email protected]>
This makes some minor changes to the advisory description to adapt the text from GitoxideLabs/gitoxide#1460 to be an advisory. For the most part it has remained the same. Changes: * Express the claim of unsoundness with more confidence, since it has been reviewed by the maintainer. * Modify the link to the affected code to point to the latest tag for gix-attributes that has that code. The original link was to a branch, so it was broken when the fix was applied. * Apply inline code formatting in a few more places, where doing so improves stylistic consistency.
|
Thank you! Looks good to me. To clarify, why is this a draft? Is there anything else you want to do before we merge this? |
|
Looks good and I see the maintainer is on board. Merging. Thank you! |
I think it didn't need to be a draft -- I had it as a draft while I was looking over the PR text and checking CI results.
Thanks for the very quick response! 😄 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
gix-attributes was found by @ssbr to be unsound, as reported in GitoxideLabs/gitoxide#1460. This adds an informational notice for that, as discussed in comments there (cc @Byron).
The text of the notice is taken from that issue (083656c), with slight modification (1a50df1).
It looks like the affected code, having been introduced in GitoxideLabs/gitoxide#400, was most likely present in all published versions of the crate prior to the fix in 0.22.3 (which was one of the bugs fixed in GitoxideLabs/gitoxide#1462). So I have not specified a minimum affected version.