-
In case you hadn't realised, the GHA logs containing the SHA of the latest zip file (i.e. v2.4.1)[1] have expired[2], which means the build process is no longer auditable[3].
Unfortunately it doesn'…
-
## What are the schemas that are affected by the issue
/common/auditable
## What are examples of products that are impacted by the issue
Anything using profile
-
At some point nixpkgs made a decision to include a `cargo-auditable` wrapper of some sort, which ends up passing the attribute `auditable` to `rust-overlay`. The failure looks like this:
```
error: f…
```
pacak updated
2 months ago
-
In the wake of the `xz-utils` news, I think people should be un-trusting of binary artifacts committed to version control. If Pack were to catch on, it would have a similar position in the software ec…
-
The list of sites which are provided this information is a key mitigation against abuse - I would expect that such a list is publicly auditable to ensure it is actually achieving that mitigation.
T…
-
Is there something like this? Can I use the same generic repository if I don't define an entity as auditable?
-
In https://github.com/rust-secure-code/cargo-auditable I have started out tagging the versions of `cargo auditable` itself, but the project has since grown and gained several more binaries. So I have …
-
The new [`cargo-auditable`](https://github.com/rust-secure-code/cargo-auditable), that the Rust Secure WG & @Shnatsel built, is a tool that builds executables with Cargo and embeds a manifest of all o…
-
Our toolkit lends itself to publicly auditable MPC since we are already including Pedersen commitments alongside the AVSSd values, and the preprocessing values are all generated from avssd values.
He…