remove rand crate from crosvm |
||
Issue descriptionIt would be good to minimize trivial external dependencies due to the risk of crates.io ecosystem malware.
,
Jan 18
(5 days ago)
The following revision refers to this bug: https://chromium.googlesource.com/chromiumos/platform/crosvm/+/2200604d9c101888df658f9483290a13952c6b1c commit 2200604d9c101888df658f9483290a13952c6b1c Author: Daniel Prilik <prilik@google.com> Date: Fri Jan 18 04:20:50 2019 remove rand crate the few uses of rand::thread_rng() have been replaced with either prngs or reads from /dev/urandom. the implementations are under the `rand_ish` minicrate. `protoc-rust` depends on `tempdir`, which relies on rand, so `tempdir` has been patched with a rewritten version that does not have rand as a dependency. BUG= chromium:921795 TEST=cargo test --features plugin Change-Id: I6f1c7d7a1aeef4dd55ac71e58294d16c291b8871 Reviewed-on: https://chromium-review.googlesource.com/1409705 Commit-Ready: Daniel Prilik <prilik@google.com> Tested-by: kokoro <noreply+kokoro@google.com> Reviewed-by: Zach Reizner <zachr@chromium.org> [modify] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/src/main.rs [modify] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/src/linux.rs [add] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/tempdir/src/lib.rs [add] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/tempdir/Cargo.toml [modify] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/Cargo.lock [modify] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/Cargo.toml [add] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/rand_ish/src/lib.rs [add] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/rand_ish/Cargo.toml [modify] https://crrev.com/2200604d9c101888df658f9483290a13952c6b1c/tests/plugins.rs
,
Today
(12 hours ago)
|
||
►
Sign in to add a comment |
||
Comment 1 by za...@chromium.org
, Jan 15Labels: Proj-Containers OS-Chrome