How Rust’s standard library was vulnerable for years and nobody noticed (medium.com) 9 points by mmirate 7y ago ↗ HN
[–] jmarinez 7y ago ↗ Shit just got real.@Rust team - and all other language teams for that matter - what process and tools will formally be used to prevent this from happening? [–] dbaupp 7y ago ↗ The article touches on this with a quote from the security team:> - We don’t have the time or inclination to work on updating this policy until after the [2018] edition ships> — We’d rather take the time to get it right, but don’t have the time right now [–] oconnor663 7y ago ↗ This is a formal verification project that has already found some bugs: http://plv.mpi-sws.org/rustbelt/ Interestingly, it's also found some cases where type bounds were unnecessarily restrictive.
[–] dbaupp 7y ago ↗ The article touches on this with a quote from the security team:> - We don’t have the time or inclination to work on updating this policy until after the [2018] edition ships> — We’d rather take the time to get it right, but don’t have the time right now
[–] oconnor663 7y ago ↗ This is a formal verification project that has already found some bugs: http://plv.mpi-sws.org/rustbelt/ Interestingly, it's also found some cases where type bounds were unnecessarily restrictive.
3 comments
[ 3.2 ms ] story [ 22.8 ms ] thread@Rust team - and all other language teams for that matter - what process and tools will formally be used to prevent this from happening?
> - We don’t have the time or inclination to work on updating this policy until after the [2018] edition ships
> — We’d rather take the time to get it right, but don’t have the time right now