Feature request: Better explanations of the problems found #4
Comments
Perhaps there could be a flag
This seems a good reason to also check whatever commit ID that cargo identified when publishing (if it exists). I would argue checking both and making a summary table at the end.
Thank you very much for all of the feedback. I've spent most of the time scanning crates.io instead of improving the code, but I definitely want this tool to become useful and easy to use in the medium to long term. The
I've just seen briansmith/untrusted#69 (comment). Not to downplay issues, but given that many maintainers commit from release branches, it seems a bit alarmist (though arguable, given the scope of the crate) to post a comment like this. I wouldn't want to alienate the community like RustSec did with some maintainers that didn't agree with unmaintained crate advisories (probably because of the backlash from the downstream users).
You are right, I changed from deeply problematic to somewhat problematic.
Consider some lines from my first run:
Maybe show a diff? Or provide some other easy way to inspect the actual differences. Or is this just due to the library not having a checked in Cargo.lock?
Aaah! I definitely want more details on that one! (Will be investigating that one manually)
Seen this one several times. It would make sense to show more details here.
Similar to the above, I want more info.
As an error message, this doesn't stand out enough from the log lines (whatever it means).