From 5534bc0321f3a1174882b3fbbf2a08eb19a9868d Mon Sep 17 00:00:00 2001
From: Aleksey Kladov <aleksey.kladov@gmail.com>
Date: Wed, 12 Aug 2020 15:54:39 +0200
Subject: Completely remove cargo audit

My current feeling is that the build maintenance friction it creates
is not proportional to the benefits it provides.

We are pretty frugal with the set of Rust dependencies, and our
security model is "we run build.rs and proc macros", so it doesn't
seem like cargo audit could help us much.
---
 .github/workflows/ci.yaml | 14 --------------
 1 file changed, 14 deletions(-)

(limited to '.github')

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index f977c88be..f46fb8fec 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -16,20 +16,6 @@ env:
   RUSTUP_MAX_RETRIES: 10
 
 jobs:
-  # rust-audit:
-  #   name: Audit Rust vulnerabilities
-  #   runs-on: ubuntu-latest
-  #   steps:
-  #   - name: Checkout repository
-  #     uses: actions/checkout@v2
-
-  #   - uses: actions-rs/install@v0.1
-  #     with:
-  #       crate: cargo-audit
-  #       use-tool-cache: true
-
-  #   - run: cargo audit
-
   rust:
     name: Rust
     runs-on: ${{ matrix.os }}
-- 
cgit v1.2.3