From 9072b172395df7f01426120c728af91dbb07c7fe Mon Sep 17 00:00:00 2001
From: Flavio Castelli
Date: Mon, 8 Jan 2024 13:44:22 +0100
Subject: [PATCH] cargo audit: ignore RUSTSEC-2023-0071

This security issue doesn't affect us

Signed-off-by: Flavio Castelli
---
 .cargo/audit.toml | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/.cargo/audit.toml b/.cargo/audit.toml
index 4e62cb57..6263bd6e 100644
--- a/.cargo/audit.toml
+++ b/.cargo/audit.toml
@@ -1,11 +1,14 @@
 [advisories]
 ignore = [
 "RUSTSEC-2020-0071", # `time` localtime_r segfault -- https://rustsec.org/advisories/RUSTSEC-2020-0071
- # Ignored because there are not known workarounds or dependency version bump
- # at this time. The call to localtime_r is not protected by any lock and can
- # cause unsoundness. Read the previous link for more information.
+ # Ignored because there are not known workarounds or dependency version bump
+ # at this time. The call to localtime_r is not protected by any lock and can
+ # cause unsoundness. Read the previous link for more information.
 "RUSTSEC-2020-0168", # This is about "mach" being unmaintained.
- # This is a transitive dependency of wasmtime. This is
- # being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000
+ # This is a transitive dependency of wasmtime. This is
+ # being tracked upstream via https://github.com/bytecodealliance/wasmtime/issues/6000
+ # This is a transitive depependency of sigstore
+ "RUSTSEC-2023-0071", # "Classic" RSA timing sidechannel attack from non-constant-time implementation.
+ # Okay for local use.
+ # https://rustsec.org/advisories/RUSTSEC-2023-0071.html
 ]
-
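Review bot: The justification on the new `"RUSTSEC-2023-0071"` entry, `# Okay for local use.`, does not say why the advisory is out of reach, and the commit message only states that it does not affect the project. The advisory is about recovering key material by timing RSA private-key operations, so the comment should name the assumption the ignore rests on, for example `# rsa is only pulled in via sigstore; no RSA private-key operation runs where a remote party can time it -- TODO confirm` followed by `# Re-evaluate once sigstore depends on a fixed rsa release.` Without that, nobody auditing this list later can tell whether the ignore still holds after a new use of the crate appears. Separately, `# This is a transitive depependency of sigstore` sits above the entry while every other entry's comments follow its ID, so it reads as part of the `RUSTSEC-2020-0168` note about wasmtime; moving it below the `"RUSTSEC-2023-0071",` line and spelling it `dependency` removes the ambiguity.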