[tor-bugs] #31588 [Applications/Tor Browser]: Be smarter about vendoring for Rust projects

Tor Bug Tracker & Wiki blackhole at torproject.org
Mon Jan 20 16:58:02 UTC 2020


#31588: Be smarter about vendoring for Rust projects
-------------------------------------------+--------------------------
 Reporter:  gk                             |          Owner:  tbb-team
     Type:  task                           |         Status:  new
 Priority:  Medium                         |      Milestone:
Component:  Applications/Tor Browser       |        Version:
 Severity:  Normal                         |     Resolution:
 Keywords:  tbb-rbm, TorBrowserTeam202002  |  Actual Points:
Parent ID:                                 |         Points:
 Reviewer:                                 |        Sponsor:
-------------------------------------------+--------------------------
Changes (by sysrqb):

 * keywords:  tbb-rbm, TorBrowserTeamTriaged => tbb-rbm,
               TorBrowserTeam202002


Comment:

 Replying to [comment:6 boklm]:
 > If we trust that `cargo vendor` will provide reproducible output, and is
 correctly checking downloaded files, then maybe we could add some step in
 the build where we allow network access in the container, in order to run
 `cargo vendor` and generate a vendor tarball.

 Moving this to February. If we make the above assumptions (and they need
 to be confirmed), then after #28325 is solved this ticket should
 (hopefully) follow soon after.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/31588#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list