Lib.rs

These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.

2.5.0 — diff review from 2.4.1 only (current) safe-to-deploy

From divviup/libprio-rs. Audited without comment by David Cook.

2.5.0 (current) safe-to-deploy

From mozilla/supply-chain copy of hg. By Simon Friedberger.

The goal is to provide some constant-time correctness for cryptographic implementations. The approach is reasonable, it is known to be insufficient but this is pointed out in the documentation.

2.5.0 (current) unknown

From kornelski/crev-proofs copy of salsa.debian.org.

Only in debcargo (unstable). Changelog:

• Team upload.
• Package subtle 2.5.0 from crates.io using debcargo 2.6.1 (Closes: #1061381)

2.5.0 (current) unknown

From kornelski/crev-proofs copy of git.savannah.gnu.org.

Packaged for Guix (crates-crypto)

cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.

safe-to-deploy (implies safe-to-run)

This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…

safe-to-run

Implied by other criteria

This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…

unknown

May have been packaged automatically without a review

---

These reviews are from Crev, a distributed system for code reviews. To add your review, set up cargo-crev.

The current version of subtle is 2.5.0.

2.4.1 (older version) Rating: Positive Thoroughness: Medium Understanding: High

by kaiserkarel on 2022-01-17

Checked for backdoors and unsafety. Seems to not contain UB, however it has some incorrect comments explaining why it is safe.

2.4.0 (older version) Rating: Negative + Unmaintained Thoroughness: None Understanding: None

by kornelski on 2021-02-05

warning: unexplained kicking out of co-maintainers

• Issue: Medium (twitter.com/hdevalence/status/1356831666124197890)