lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAJ-ks9=Ec0xLg81GUYJ07uDzwtwhFkoEdxaa3kNtV6xSjZ57MQ@mail.gmail.com>
Date: Fri, 14 Mar 2025 18:20:59 -0400
From: Tamir Duberstein <tamird@...il.com>
To: Miguel Ojeda <miguel.ojeda.sandonis@...il.com>
Cc: Benno Lossin <benno.lossin@...ton.me>, Masahiro Yamada <masahiroy@...nel.org>, 
	Nathan Chancellor <nathan@...nel.org>, Nicolas Schier <nicolas@...sle.eu>, Miguel Ojeda <ojeda@...nel.org>, 
	Alex Gaynor <alex.gaynor@...il.com>, Boqun Feng <boqun.feng@...il.com>, 
	Gary Guo <gary@...yguo.net>, Björn Roy Baron <bjorn3_gh@...tonmail.com>, 
	Andreas Hindborg <a.hindborg@...nel.org>, Alice Ryhl <aliceryhl@...gle.com>, 
	Trevor Gross <tmgross@...ch.edu>, Danilo Krummrich <dakr@...nel.org>, 
	Greg Kroah-Hartman <gregkh@...uxfoundation.org>, "Rafael J. Wysocki" <rafael@...nel.org>, 
	Brendan Higgins <brendan.higgins@...ux.dev>, David Gow <davidgow@...gle.com>, 
	Rae Moar <rmoar@...gle.com>, Bjorn Helgaas <bhelgaas@...gle.com>, 
	Luis Chamberlain <mcgrof@...nel.org>, Russ Weight <russ.weight@...ux.dev>, Rob Herring <robh@...nel.org>, 
	Saravana Kannan <saravanak@...gle.com>, linux-kbuild@...r.kernel.org, 
	linux-kernel@...r.kernel.org, rust-for-linux@...r.kernel.org, 
	linux-kselftest@...r.kernel.org, kunit-dev@...glegroups.com, 
	linux-pci@...r.kernel.org, linux-block@...r.kernel.org, 
	devicetree@...r.kernel.org
Subject: Re: [PATCH v3 6/6] rust: use strict provenance APIs

On Fri, Mar 14, 2025 at 6:00 PM Miguel Ojeda
<miguel.ojeda.sandonis@...il.com> wrote:
>
> On Fri, Mar 14, 2025 at 9:18 PM Benno Lossin <benno.lossin@...ton.me> wrote:
> >
> > I don't know when we'll be bumping the minimum version. IIRC 1.85.0 is
> > going to be in debian trixie, so eventually we could bump it to that,
> > but I'm not sure what the time frame will be for that.
> >
> > Maybe we can salvage this effort by gating both the lint and the
> > unstable features on the versions where it works? @Miguel, what's your
> > opinion?
> >
> > We could even make it simple, requiring 1.84 and not bothering with the
> > older versions.
>
> Regarding Debian Trixie: unknown, since my understanding is that it
> does not have a release date yet, but apparently mid May is the Hard
> Freeze and then it may take e.g. a month or two to the release.
>
> And when it releases, we may want to wait a while before bumping it,
> depending on how much time has passed since Rust 1.85.0 and depending
> on whether we managed to get e.g. Ubuntu LTSs to provide a versioned
> package etc.
>
> If something simple works, then let's just go for that -- we do not
> care too much about older versions for linting purposes, since people
> should be testing with the latest stable too anyway.

It's not going to be simple because `rust_common_flags` is defined
before the config is read, which means I'll have to sprinkle
conditional logic in even more places to enable the lints.

The most minimal version of this patch would drop all the build system
changes and just have conditionally compiled polyfills for the strict
provenance APIs. Are folks OK with that?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ