Closed CinchBlue closed 7 months ago
agree this would be good to have, we've talked about it a long time ago about having a reason
field on all bans. we really should implement it wouldn't be hard.
all of our bans do have a comment today so would be a way to encode that and as you say give a clear reason/justification/recommendation directly on failures.
# denied crates
{ name = "openssl" }, # we use rustls instead
{ name = "openssl-sys" }, # we use rustls instead
{ name = "RustyXml" }, # we don't want to use any XML and some of these are 4 year old dependencies
{ name = "serde-xml-rs" }, # we don't want to use any XML and some of these are 4 year old dependencies
{ name = "color-backtrace" }, # color-backtrace is nice but brings in too many dependencies and that are often outdated, so not worth it for us.
{ name = "typetag" }, # disallow these crates that rely on static initialization order which we've had issues with
{ name = "inventory" }, # disallow these crates that rely on static initialization order which we've had issues with
{ name = "ctor" }, # disallow these crates that rely on static initialization order which we've had issues with
{ name = "bzip2" }, # disallow C dependency, we just Rust native versions instead
{ name = "smart-default", wrappers = [
"minidump-common",
] }, # smart-default should not be used
{ name = "actix-web" }, # repeatedly unsound, too many dependencies, and not needed for our use cases
{ name = "bzip2-sys" }, # disallow C dependency, we just Rust native versions instead
{ name = "nfd" }, # unmaintined, we use `rfd` instead
{ name = "nfd2" }, # we use `rfd` instead
{ name = "msgbox" }, # we use `rfd` instead
{ name = "backtrace-sys" }, # disallow C dependency, use gimli Rust crate instead
{ name = "keyring" }, # too many and too old dependencies
{ name = "secret-service" }, # too many and too old dependencies
{ name = "wasmtime-cache" }, # we do our own manual caching
Is your feature request related to a problem? Please describe. When denying usage of a crate, it is often useful to give a justification for the ban (and how to workaround it or redirect usage to more suitable crates).
Describe the solution you'd like Add a
comment
orjustification
field to item entries underban.deny
. Print this as a part of a warning/error.Describe alternatives you've considered You could add it as a comment, but it's better if it's in the tool.
Additional context
anyhow
oreyre
in-general, and redirecting users to use athiserror
-based crate.