RustSec advisory Omission on potentially actionable fix(es) #684
Comments
|
Hey @pinkforest is this issue roughly the same as #683 and can we close it out if so? |
|
Separate issue and we talked about it extensively :) But I'll close it since I trust this has been raised elsewhere. |
|
Right on :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Follow-Up from: #683 as another issue
We typically strive hard to include actionable advice as to any fixes if any on informational advisories.
Currently GHSA Is omitting to include that actionable advice we've included -
This means when Dependabot raises issue with the repo maintainer they don't really know how to resolve it.
e.g. ansi_term we provided advice as to how to fix it: https://rustsec.org/advisories/RUSTSEC-2021-0139.html
But GHSA omitted this: GHSA-74w3-p89x-ffgh
Problem with omitting this information is that people tend to ignore advisories that have no actionable fixes.
Perhaps even saying in GHSA that the RustSec advisory referenced may contain actionable fixes as to how to resolve the advisory can help the advisory consumer.
The text was updated successfully, but these errors were encountered: