M0-05: Make cargo-audit availability explicit #13

@DrunkOnJava

Created from the roadmap audit in TODO.md.

Source: https://github.com/DrunkOnJava/rvt-rs/blob/main/TODO.md#L175
Tracking commit: 1ec8105

Scope

Labels: priority:P1, type:ci, type:security, area:ci

  • Decide whether cargo-audit is required locally or CI-only.
  • Add installation notes for maintainers.
  • Ensure CI still runs the RustSec advisory check.

Acceptance criteria:

  • CONTRIBUTING.md documents how to run advisory checks locally.
  • CI has a passing advisory job.
  • Local absence of cargo audit is not confused with source failure.

Definition of done

  • The TODO acceptance criteria for this section are implemented or explicitly superseded by a linked decision.
  • Tests, fixtures, or documentation are added at the level appropriate to the change risk.
  • User-facing behavior and limitations remain honest in README/docs/viewer messaging.
  • Relevant CI checks pass before the issue is closed.
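
One way to meet the third acceptance criterion, as an added example that is not part of the issue or the rvt-rs repository: a wrapper that reports a missing `cargo-audit` separately from an audit that ran and failed. The function name `run_advisory_check`, the `--run` switch, the exit-code scheme, and the use of the `CI` environment variable to detect a CI runner are assumptions of this example.

```shell
#!/bin/sh
# Added example, not project code. Exit codes are constructed for illustration:
#   0 = audit ran and passed
#   1 = audit ran and failed (advisory hit or audit error): look at the source
#   2 = cargo-audit missing while CI is set: the CI job itself is misconfigured
#   3 = cargo-audit missing locally: check skipped, says nothing about the source

run_advisory_check() {
    # cargo resolves `cargo audit` to a `cargo-audit` binary on PATH,
    # so probe for that binary before invoking the subcommand.
    if ! command -v cargo-audit >/dev/null 2>&1; then
        echo "advisory check NOT RUN: cargo-audit is not installed" >&2
        echo "install it with: cargo install cargo-audit --locked" >&2
        # Assumption: CI is set by the runner (GitHub Actions sets CI=true).
        if [ -n "${CI:-}" ]; then
            return 2
        fi
        return 3
    fi

    if cargo audit "$@"; then
        echo "advisory check PASSED" >&2
        return 0
    fi
    echo "advisory check FAILED: cargo audit exited non-zero" >&2
    return 1
}

# Run only when asked, so the file can also be sourced from other scripts.
case "${1:-}" in
    --run) shift; run_advisory_check "$@"; exit $? ;;
esac
```

A pre-push hook or Makefile target can treat exit code 3 as a warning while CI treats anything other than 0 as a failed job.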
