Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Supply chain: Remove the dependency on subprocess #194

Open
lars-t-hansen opened this issue Oct 8, 2024 · 0 comments
Open

Supply chain: Remove the dependency on subprocess #194

lars-t-hansen opened this issue Oct 8, 2024 · 0 comments
Labels
enhancement New feature or request Later Low priority / background task

Comments

@lars-t-hansen
Copy link
Collaborator

lars-t-hansen commented Oct 8, 2024
edited
Loading

This is lingering work after #152 and there's some preliminary work (really just comments) on w-194-subprocess in my fork of this repo: We want to remove the dependency on the subprocess crate, which we are now touching only very lightly in command.rs. The subprocess crate is permissively licensed and we can crib code if we want.

This is not urgent - we've pinned the version of subprocess in Cargo.toml and we're at very limited risk for supply chain attacks through the existing dependency. But it's nice to not have to worry.
@lars-t-hansen lars-t-hansen added enhancement New feature or request Later Low priority / background task labels Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request Later Low priority / background task
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@lars-t-hansen