These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

The current version of Ruzstd is 0.6.0.

0.5.0 (older version) unknown

From kornelski/crev-proofs copy of salsa.debian.org.

Only in debcargo (unstable). Changelog:

  • Team upload.
  • Package ruzstd 0.5.0 from crates.io using debcargo 2.6.1
  • Reduce context in disable-tests-missing-testdata.patch to avoid fuzz with new upstream.

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

ub-risk-2 (implies ub-risk-3)

A designated unsafe code reviewer has audited the unsafe code in this crate. It has been found to pose a trivial risk of causing undefined behavior.

UB-RISK-2 crates are suitable for most applications:

  • Safety documentation is relatively comprehensive, though it may not be adequately precise. Unsafe APIs can be used soundly with very minor caution.
  • Unsafe blocks may rely on informal invariants and preconditions. The reasoning required to justify them may be especially difficult or under-documented.
  • Undefined behavior may be possible under extraordinary circumstances.

UB-RISK-2 crates are effectively "the average good crate". While they may have very slight (but real) soundness issues, they are safe to use in general without much worry. These crates may exhibit undefined behavior under "extraordinary circumstances", which is ultimately up to reviewer discretion. Users may expect that reasonable use of the crate will not cause undefined behavior.

ub-risk-3 (implies ub-risk-4)
Implied by other criteria

A designated unsafe code reviewer has audited the unsafe code in this crate. It has been found to pose a significant risk of causing undefined behavior.

UB-RISK-3 crates are suitable for select applications:

  • Safety documentation may not be adequately comprehensive or precise. Unsafe APIs can be used soundly with a decent amount of caution.
  • Unsafe blocks may rely on under-documented or inferred invariants and preconditions. The reasoning required to justify them may rely on specific interpretations of undefined behavior that are under-specified. Those interpretations must not actively cause UB, and should be unlikely to begin causing UB in the future.
  • Undefined behavior may be possible under uncommon circumstances.

UB-RISK-3 crates may not uphold the typical standards required for unsafe code, but are still used because they have been widely adopted and will inevitably be leveraged by indirect dependencies. These crates may exhibit undefined behavior under "uncommon circumstances", which is ultimately up to reviewer discretion. A decent amount of experience with unsafe code will be required to avoid undefined behavior.

ub-risk-4
Implied by other criteria

A designated unsafe code reviewer has audited the unsafe code in this crate. It has been found to pose a high risk of causing undefined behavior.

UB-RISK-4 crates are unsuitable except in specific situations:

  • Safety documentation may be nonexistent. Unsafe APIs may be difficult to use safely even with experience writing unsafe code and specific domain expertise.
  • Unsafe blocks may rely on undocumented invarianats or platform-specific behavior. It may be difficult or impossible to reason about all possible situations that may cause undefined behavior. Even a best-effort review is expected to miss at least some possible unsoundness.
  • Undefined behavior may be possible under common circumstances.

UB-RISK-4 crates may have APIs that are difficult to use without causing undefined behavior. They may require a large amount of domain expertise to use correctly, have large unsafe APIs with insufficient documentation, or perform many operations from safe code that could cause undefined behavior.

unknown

May have been packaged automatically without a review


Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball. To review the actual code of the crate, it's best to use cargo crev open ruzstd. Alternatively, you can download the tarball of ruzstd v0.6.0 or view the source online.