Exclude ci directory from packaged crate #282

Merged
merged 2 commits into from
Aug 4, 2023

Conversation

mulkieran
Contributor

No description provided.

I do not think there is a compelling reason to release the ci support as
part of a Rust source code package. In addition, the crate, as it is
released now, gets flagged in some security scans due to the presence of
Dockerfiles which are considered to be following some unsafe practices.
Most Linux distros package using the vendored approach and provide a
vendor tarfile of an application's dependencies. Scanners will tend to
expect that the contents of the vendor tarfile will be source code.
These Dockerfiles are already being flagged by some scanners; other
contents of the ci directory may be flagged in future.
@mulkieran
Contributor Author

@Amanieu Would you consider this change? I've explained my reasoning in the commit message and I think it is good.

@Amanieu
Member

Amanieu commented Aug 3, 2023

I don't normally look at commit messages, only the PR summary. But the arguments are reasonable.

Could you also exclude .github/workflows? That shouldn't be included either.

@mulkieran
Contributor Author

> I don't normally look at commit messages, only the PR summary. But the arguments are reasonable.
>
> Could you also exclude .github/workflows? That shouldn't be included either.

Done!

@Amanieu Amanieu merged commit 17a6379 into rust-lang:master Aug 4, 2023
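
A check for the concern discussed in this thread, as an added example that is not part of the PR or the project: it audits a packaged crate's file list (one relative path per line, the format `cargo package --list` prints) for `ci/`, `.github/` and Dockerfile entries. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag non-source files in a packaged crate's file list.
# Real use, run from the crate root:  cargo package --list | audit_listing

# Print each path under ci/ or .github/, or whose file name starts with Dockerfile.
# The patterns are anchored so that e.g. src/ci_helpers.rs is not flagged.
flag_nonsource() {
    grep -E '^(ci|\.github)/|(^|/)Dockerfile[^/]*$' || true
}

# Return 0 if the listing on stdin is clean, 1 (with a report on stderr) otherwise.
audit_listing() {
    flagged=$(flag_nonsource)
    if [ -n "$flagged" ]; then
        printf 'non-source files in package:\n%s\n' "$flagged" >&2
        return 1
    fi
    return 0
}

# Constructed listing: a crate packaged with CI support included.
sample_before() {
    cat <<'EOF'
.github/workflows/rust.yml
Cargo.toml
README.md
ci/docker/x86_64-unknown-linux-gnu/Dockerfile
ci/run.sh
src/ci_helpers.rs
src/lib.rs
EOF
}

# Constructed listing: the same crate with ci/ and .github/workflows excluded.
sample_after() {
    cat <<'EOF'
Cargo.toml
README.md
src/ci_helpers.rs
src/lib.rs
EOF
}

sample_before | audit_listing || echo "before: flagged"
sample_after | audit_listing && echo "after: clean"
```

Running the audit in CI before `cargo publish` catches a regression if a later change to the manifest stops excluding these directories.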