2.0.3 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
This review is from cargo-vet. To add your review, set up cargo-vet
and submit your URL to its registry.
2.0.3 (current)
From kornelski/crev-proofs copy of git.savannah.gnu.org.
cargo-vet does not verify reviewers' identity. You have to fully trust the source the audits are from.
May have been packaged automatically without a review
This review is from Crev, a distributed system for code reviews. To add your review, set up cargo-crev
.
The current version of HashHasher is 2.0.3.
2.0.0 (older version) Thoroughness: Medium Understanding: Medium
by vorner on 2019-11-19
The code is trivial and looks good enough for creating hashes given already hashed data, at least for non-security related scenarios.
There might be some cases where the given hashes don't use the full range of u64, though (in case a structure of several small fields is used, for example). This might lead to suboptimal distribution and collisions in a HashMap and might come as some surprise. On the other hand, anything without this problem would probably require something more complex and likely slower and this seems to aim for things like bittorrent hashes and git commits, where the data is an [u8].
Lib.rs has been able to verify that all files in the crate's tarball are in the crate's repository. Please note that this check is still in beta, and absence of this confirmation does not mean that the files don't match.
Crates in the crates.io registry are tarball snapshots uploaded by crates' publishers. The registry is not using crates' git repositories, so there is a possibility that published crates have a misleading repository URL, or contain different code from the code in the repository.
To review the actual code of the crate, it's best to use cargo crev open hash_hasher
. Alternatively, you can download the tarball of hash_hasher v2.0.3 or view the source online.
Packaged for Guix (crates-io)