|
|
|
|
|
|
by dathinab
2282 days ago
|
|
|
I found at least one problematic section when scanning: > The environment variables RUSTC, RUSTC_WRAPPER and RUSTFLAGS must not be overriden when using Cargo to build project. This is simply not true at all. Mainly build cache systems like sccache work by wrapping rustc, there is no reason why using a build cache should be forbidden. (Through currently rust support of sccache is still not perfect and there are some limitations, doesn't change that the rules are to broad.) I also wouldn't be surprised if there are some rustc flags not exposed in cargo profiles which allow trigger some security mechanisms in llvm which are not enabled by default but beneficial for your project. Like always the important think is that you understand what you do and want implications it had. |
|
|