1. 21

  2. 4

    > Disclaimer […] These audits should not be construed as reflecting material safety or security properties of Rust crates.

    How should they be construed?

    1. 19

      This should be construed as “Our legal dept is twitchy about this. Please don’t sue us.”

      1. 4

        Also, “just because we’ve audited these against our threat model that doesn’t mean they’re suitable for your threat model”.

        Disclaimer: I work adjacent to some of the people working on this but this is me opining in ignorance.

        I’d love to see multiple organizations publishing audits like these so other consumers can get a sense of the state of things in aggregate.

        1. 2

          > I’d love to see multiple organizations publishing audits like these so other consumers can get a sense of the state of things in aggregate.

          Looking at the cargo-vet documentation, I see https://mozilla.github.io/cargo-vet/importing-audits.html#the-registry.