rust-secure-code / safety-dance

Auditing crates for unsafe code which can be safely replaced

Add trophy case to README

Shnatsel opened this issue · comments

It's important for collaborative projects to show progress, as it motivates further participation. To that end we should surface the crates already audited and/or cleansed in the README.

yes plz add the randomize-3.0 crate <3

Here's what I think it could look like:


libflate

Discovered and fixed a security issue plus 3 non-exploitable safety issues. Reduced the number of unsafe blocks in the crate from 16 to 1, two of which were replaced with shared dependency crates. More info


Or we could go for a more structured format, such as:

| Crate | Unsafe blocks before | Unsafe blocks after | Security issues found | Comments | Tracking issue |
|---|---|---|---|---|---|
| libflate | 16 | 1 | RUSTSEC-2019-0010 | Also fixed 3 non-exploitable memory safety issues | #1 |

Thoughts?

@oyvindln would you be OK with your recent work on miniz_oxide being showcased on this repository?

That table format looks crazy bad on mobile display. Let's stick to paragraphs, which will reflow to smaller screens easily.

On the other hand I really like the structured presentation that provides an overview at a glance. https://github.com/rust-fuzz/trophy-case just goes down that route and doesn't care about mobile.

Perhaps we could strike a middle ground with bullet points? How about this:


libflate

  • Unsafe blocks before: 16
  • Unsafe blocks after: 1 plus 2 more moved to shared crates
  • Security bug found: RUSTSEC-2019-0010
  • Tracking issue: #1

Also discovered and fixed 3 non-exploitable safety issues.

We should probably also credit the people who performed the audit. Attribution is important and also helps motivate contributors.

Added initial version in #23. Please add your contributions!