From c52ae9d5974b08f6455c33c0a87c1e995184c4f5 Mon Sep 17 00:00:00 2001
From: mulhern
Date: Wed, 2 Aug 2023 14:05:07 -0400
Subject: [PATCH 1/2] Exclude ci directory from packaged crate

I do not think there is compelling reason to release the ci support as part of a Rust source code package. In addition, the crate, as it is released now, gets flagged in some security scans due to the presence of Dockerfiles which are considered to be following some unsafe practices. Most Linux distros package using the vendored appraoch and provide a vendor tarfile of an application's dependencies. Scanners will tend to expect that the contents of the vendor tarfile will be source code. These Dockerfiles are already being flagged by some scanners; other contents of the ci directory may be flagged in future.
---
 library/compiler-builtins/libm/Cargo.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/library/compiler-builtins/libm/Cargo.toml b/library/compiler-builtins/libm/Cargo.toml
index 393d95e4af26..50e6ed6e2225 100644
--- a/library/compiler-builtins/libm/Cargo.toml
+++ b/library/compiler-builtins/libm/Cargo.toml
@@ -10,6 +10,7 @@ readme = "README.md"
 repository = "https://github.com/rust-lang/libm"
 version = "0.2.7"
 edition = "2018"
+exclude = ["/ci/"]
 
 [features]
 default = []

From 54577e0039af34884e9a8f98e7e9103efe173766 Mon Sep 17 00:00:00 2001
From: mulhern
Date: Thu, 3 Aug 2023 15:05:28 -0400
Subject: [PATCH 2/2] Exclude GitHub Workflows files from packaged crate

---
 library/compiler-builtins/libm/Cargo.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/library/compiler-builtins/libm/Cargo.toml b/library/compiler-builtins/libm/Cargo.toml
index 50e6ed6e2225..12126c6d085b 100644
--- a/library/compiler-builtins/libm/Cargo.toml
+++ b/library/compiler-builtins/libm/Cargo.toml
@@ -10,7 +10,7 @@ readme = "README.md"
 repository = "https://github.com/rust-lang/libm"
 version = "0.2.7"
 edition = "2018"
-exclude = ["/ci/"]
+exclude = ["/ci/", "/.github/workflows/"]
 
 [features]
 default = []
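Review bot: The `exclude` value on the added line is a deny-list, so it only covers the two paths named today: anything else under `/.github/` and any tooling directory added later will be packaged again until someone remembers to extend it. Since patch 1/2 gives scanner findings on vendored tarballs as the motivation, an `include` allow-list that names only the source tree, manifest, readme and licence files would fail closed instead (Cargo ignores `exclude` when `include` is set). Whichever form is kept, a CI step that runs `cargo package --list` and fails on unexpected entries would catch regressions, and a comment above the key such as `# CI and workflow files are kept out of the published crate; vendored copies are scanned as source` would record why the entry exists.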