@Turbo87 Turbo87 commented Oct 6, 2025

This better reflects our security policy, which treats these cases slightly differently. With this PR, malicious code reports are also sent to [email protected] to improve response times. Clicking the vulnerability checkbox now shows an additional help text suggesting that the user first contact the crate author, file a RustSec report, and read our security policy.

/cc @rust-lang/security @rust-lang/wg-secure-code

Malicious Code

[Screenshot]

Vulnerability

[Screenshot]

@Turbo87 Turbo87 added C-enhancement ✨ Category: Adding new behavior or a change to the way an existing feature works A-frontend 🐹 labels Oct 6, 2025
@Turbo87 Turbo87 requested a review from a team October 6, 2025 12:24
@pietroalbini

Looks great on my side!

@djc
djc commented Oct 6, 2025

Screenshots LGTM. Is it worth calling out "soundness" issues in the same category as vulnerabilities?

@alex

alex commented Oct 6, 2025

Looks like a great improvement, thanks.

@Manishearth

Good idea!!

@Turbo87 Turbo87 merged commit a493cc2 into rust-lang:main Oct 7, 2025
11 checks passed
@Turbo87 Turbo87 deleted the contact-form branch October 7, 2025 09:02
@Turbo87

Turbo87 commented Oct 7, 2025

thanks for the reviews everyone! :)

> Is it worth calling out "soundness" issues in the same category as vulnerabilities?

I'm not sure. I wouldn't want the contact form to become too verbose, I think.
