rustypwneddownloader
rustypwneddownloader | rust-crate-audits | |
---|---|---|
4 | 2 | |
6 | 214 | |
- | 1.4% | |
5.5 | 9.1 | |
24 days ago | 9 days ago | |
Rust | ||
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
rustypwneddownloader
-
The Windows installer of ImageMagick will no longer be signed
Just throwing in that the dollar value isn't the only cost. I've been using an automated release workflow tomanage signing, eg
https://github.com/technion/rustypwneddownloader/blob/main/....
This worfklow isn't usable with these new rules, and I'm having a hard time with the assertion that moving builds to my desktop to use a hardware signing key and uploading them in a non automated, non transparent fashion is an improvement on security.
-
Google open-sources Rust crate audits
I just grabbed my (very basic app)[https://github.com/technion/rustypwneddownloader] and ran a cargo vet init. Out of the box there were 145 dependencies found (ouch.. that already feels like a bad trajectory).
- Show HN: Rust Port of Pwnpasswordsdownloader
-
What's everyone working on this week (21/2023)?
I've written and released a Rust port of the pwnedpasswordsdownloader: https://github.com/technion/rustypwneddownloader
rust-crate-audits
-
Severity HIGH security problem to be announced with curl 8.4.0 on Oct 11
Google has actually audited using cargo-vet every crate that chromiumos and fucshia depend on that have unsafe in it. They also have some additional rules related to cryptographic algorithms. I'm pretty surprised they haven't done the same for rust usage in android. https://github.com/google/rust-crate-audits
- Google open-sources Rust crate audits
What are some alternatives?
journals-web-server - Backend server for the TUI-Journal app
pledge - OpenBSD APIs ported to Linux userspace using SECCOMP BPF and Landlock LSM
tpr - An anonymous and decentralized routing protocol. The code will be up once it is done, but the paper is already available.
promise_out - promiseOut version for rust
KeenWrite
syno-photo-frame - Build a digital photo frame for Synology Photos with Raspberry Pi
launchthing - 🏵️ Minimalist application launcher for linux
AzureSignTool - SignTool Library and Azure Key Vault Support
tui-journal - Your journal app if you live in a terminal
have-i-been-bloomed - A Bloom filter & Golang server for checking passwords against the "Have I Been Pwned 2.0" password database.
minidb - A simple database for learning purposes
pyvips - python binding for libvips using cffi