From aac2556b2353d1145d08af83a9390f5e37261b7e Mon Sep 17 00:00:00 2001
From: Henrik Skupin
Date: Sun, 2 Apr 2023 18:31:05 +0000
Subject: [PATCH] Bug 1814050 - [rust-mozbase] Move audits to wildcard audit entries. r=supply-chain-reviewers,bholley
Differential Revision: https://phabricator.services.mozilla.com/D174214
---
 supply-chain/audits.toml | 71 ++++++++++++++++++----------------------
 supply-chain/config.toml | 16 ++++-----
 2 files changed, 40 insertions(+), 47 deletions(-)
diff --git a/supply-chain/audits.toml b/supply-chain/audits.toml
index 5e04a03ba5e8..650fa98654da 100644
--- a/supply-chain/audits.toml
+++ b/supply-chain/audits.toml
@@ -33,6 +33,38 @@ start = "2020-11-03"
 end = "2024-03-31"
 notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
+[[wildcard-audits.mozdevice]]
+who = "Henrik Skupin "
+criteria = "safe-to-run"
+user-id = 22262
+start = "2020-11-03"
+end = "2024-03-31"
+notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
+[[wildcard-audits.mozprofile]]
+who = "Henrik Skupin "
+criteria = "safe-to-deploy"
+user-id = 22262
+start = "2020-11-03"
+end = "2024-03-31"
+notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
+[[wildcard-audits.mozrunner]]
+who = "Henrik Skupin "
+criteria = "safe-to-deploy"
+user-id = 22262
+start = "2020-11-03"
+end = "2024-03-31"
+notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
+[[wildcard-audits.mozversion]]
+who = "Henrik Skupin "
+criteria = "safe-to-run"
+user-id = 22262
+start = "2020-11-03"
+end = "2024-03-31"
+notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
+
 [[wildcard-audits.ohttp]]
 who = "Martin Thomson "
 criteria = "safe-to-deploy"
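Review bot: The `notes` value `... has no unsafe code.` no longer describes what the four added `[[wildcard-audits.*]]` entries certify, because a wildcard entry covers every release that crates.io `user-id = 22262` publishes between `start` and `end`, not a version someone has read. The sentence was checkable on the pinned `version = "0.5.1"`-style audits this commit removes in the next hunk; here it reads as a promise about releases that do not exist yet. I would reword it to state what the trust rests on, for example `notes = "First-party crate maintained by the DevTools team at Mozilla; releases are published by this account as part of the documented release process."`, and add a comment above the group such as `# Trust is bound to the crates.io publisher account; narrow or end the window via start/end if that account changes hands.` The backdated `start = "2020-11-03"` appears to be copied from the existing entry in the leading context, so it also admits older releases that never had a pinned audit; worth confirming that is intended.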
@@ -1381,45 +1413,6 @@ who = "Mike Hommey "
 criteria = "safe-to-deploy"
 delta = "0.5.3 -> 0.6.2"
-[[audits.mozdevice]]
-who = "Henrik Skupin "
-criteria = "safe-to-run"
-version = "0.5.1"
-notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
-[[audits.mozprofile]]
-who = "Henrik Skupin "
-criteria = "safe-to-deploy"
-version = "0.9.0"
-notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
-[[audits.mozprofile]]
-who = "Henrik Skupin "
-criteria = "safe-to-deploy"
-delta = "0.9.0 -> 0.9.1"
-[[audits.mozrunner]]
-who = "Henrik Skupin "
-criteria = "safe-to-deploy"
-version = "0.15.0"
-notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
-[[audits.mozrunner]]
-who = "Henrik Skupin "
-criteria = "safe-to-deploy"
-delta = "0.15.0 -> 0.15.1"
-[[audits.mozversion]]
-who = "Henrik Skupin "
-criteria = "safe-to-run"
-version = "0.5.0"
-notes = "Maintained by the DevTools team at Mozilla and has no unsafe code."
-[[audits.mozversion]]
-who = "Henrik Skupin "
-criteria = "safe-to-run"
-delta = "0.5.0 -> 0.5.1"
-
 [[audits.naga]]
 who = "Dzmitry Malyshau "
 criteria = "safe-to-deploy"
diff --git a/supply-chain/config.toml b/supply-chain/config.toml
index 3742e7d38c8e..c8100acead66 100644
--- a/supply-chain/config.toml
+++ b/supply-chain/config.toml
@@ -100,24 +100,24 @@ audit-as-crates-io = false
 notes = "The crates.io version of this is just a placeholder to allow public crates to depend on mozbuild."
 [policy.mozdevice]
-audit-as-crates-io = true
-notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
+audit-as-crates-io = false
+notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
 [policy.mozglue-static]
 dependency-criteria = { rustc_version = "safe-to-run" }
 notes = "The rustc_version dependency is only used in the build script, and does not generate any runtime code"
 [policy.mozprofile]
-audit-as-crates-io = true
-notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
+audit-as-crates-io = false
+notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
 [policy.mozrunner]
-audit-as-crates-io = true
-notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
+audit-as-crates-io = false
+notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
 [policy.mozversion]
-audit-as-crates-io = true
-notes = "This is a first-party crate which is also published to crates.io, but we should publish audits for it for the benefit of the ecosystem."
+audit-as-crates-io = false
+notes = "This is a first-party crate which is also published to crates.io. We certify audits for this crate as part of the documented release process, but that step happens after the version bump lands on central so we don't enforce it here."
 [policy.naga]
 audit-as-crates-io = true
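Review bot: The new `notes` under `[policy.mozdevice]`, `[policy.mozprofile]`, `[policy.mozrunner]` and `[policy.mozversion]` point to "the documented release process" without saying where it is documented, yet this string is the only in-tree record of why enforcement is switched off. With `audit-as-crates-io = false` the in-tree copies are presumably treated as first-party and no longer matched against `audits.toml`, so the certification step depends entirely on that process being followed. I would name the document in the note, e.g. `... as part of the release process documented in <path-to-release-doc>, but that step happens after ...` (placeholder; the path is not visible in this patch). It would also help to record who renews the matching wildcard entries before `end = "2024-03-31"`, since as far as this patch shows a lapsed window would not fail the in-tree check. The `[policy.naga]` table at the end of the hunk continues outside it.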