0.2.13 (older version)
From kornelski/crev-proofs copy of salsa.debian.org.
These reviews are from cargo-vet. To add your review, set up cargo-vet and submit your URL to its registry.
The current version of ThinVec is 0.2.14.
0.2.13 (older version)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
Packaged for Guix (crates-io)
0.2.12 (older version)
From mozilla/supply-chain copy of hg. Audited without comment by Mike Hommey.
0.2.5 (older version)
From mozilla/supply-chain copy of hg. By Aria Desires.
I own this crate, and most of its versions were codeveloped and reviewed by Nika Layzell. This version was not explicitly reviewed by her, but it was specifically a release that made the code pass miri and was reviewed by me. Firefox uses it in the gecko-ffi configuration which is less thoroughly tested and more dangerous but we're reasonably confident in it. The real danger is from C++ code failing to use it correctly in FFI but that's just how FFI is.
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
- safe-to-deploy (implies safe-to-run)
-
This crate will not introduce a serious security vulnerability to production software exposed to untrusted input. More…
- safe-to-run
Implied by other criteria
This crate can be compiled, run, and tested on a local workstation or in controlled automation without surprising consequences. More…
- unknown
-
May have been packaged automatically without a review
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories. There is absolutely no guarantee that the repository URL declared by the crate belongs to the crate, or that the code in the repository is the code inside the published tarball.
To review the actual code of the crate, it's best to use cargo crev open thin-vec. Alternatively, you can download the tarball of thin-vec v0.2.14 or view the source online.
Only in debcargo (unstable). Changelog: