search

mozilla / cargo-vet

supply-chain security for Rust
Apache License 2.0
649 stars 43 forks source link

Override Global Default Policies #493

Open Folling opened 1 year ago

Folling commented 1 year ago

Is it possible to override the default policies?

If it isn't I suggest implementing it as follows:

[policy]
criteria = "..."
dev-criteria = "..."
build-criteria = "..."

Since it is otherwise quite tedious to manage this on a per-crate level.

bholley commented 1 year ago

Policies are inherited, so you should only need to specify them for top-level crates (i.e., crates with no dependents), as displayed in cargo tree. Does your use-case have a lot of top-level crates? We could in principle add the feature you describe but so far it hasn't seemed needed.