Conversation
There was a problem hiding this comment.
Pull request overview
Updates the Rust MPL legacy crate docs/metadata to better reflect intended usage and align package information across the release and runtime copies.
Changes:
- Simplified Rust README content and added security reporting guidance.
- Updated Cargo.toml package metadata (keywords/description/documentation) for
aws-mpl-legacy. - Switched the runtime crate from a local
dafny_runtimepath dependency to a crates.iodafny-runtimedependency.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 6 comments.
| File | Description |
|---|---|
releases/rust/mpl/README.md |
Replaces badges/overview text with a short usage warning and security reporting section. |
releases/rust/mpl/Cargo.toml |
Aligns crate metadata (keywords/description/docs URL) with aws-mpl-legacy. |
AwsCryptographicMaterialProviders/runtimes/rust/README.md |
Mirrors the README simplification and security reporting section. |
AwsCryptographicMaterialProviders/runtimes/rust/Cargo.toml |
Aligns crate metadata and replaces a local Dafny runtime path dependency with a crates.io dependency. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| also provides APIs to define and use wrapping keys from other key providers. | ||
|
|
||
| The AWS Cryptographic Material Providers Library provides methods for encrypting and decrypting cryptographic materials used in higher level client side encryption libraries. | ||
| [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) |
There was a problem hiding this comment.
[Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) points to a CONTRIBUTING.md in this crate directory, but there is no CONTRIBUTING.md alongside this README. This link will be broken on crates.io; use an absolute GitHub URL (or include the file in the crate package) so the link resolves for consumers.
| [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) | |
| [Security issue notifications](https://github.com/aws/aws-encryption-sdk-rust/blob/main/CONTRIBUTING.md#security-issue-notifications) |
| This library is licensed under the Apache 2.0 License. | ||
| If you discover a potential security issue in this project | ||
| we ask that you notify AWS/Amazon Security via our | ||
| [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). |
There was a problem hiding this comment.
The vulnerability reporting link uses plain HTTP. Please switch this to HTTPS to avoid downgrade/redirect issues and to keep the security guidance link consistent with secure defaults.
| [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). | |
| [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). |
| also provides APIs to define and use wrapping keys from other key providers. | ||
|
|
||
| The AWS Cryptographic Material Providers Library provides methods for encrypting and decrypting cryptographic materials used in higher level client side encryption libraries. | ||
| [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) |
There was a problem hiding this comment.
[Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) points to a CONTRIBUTING.md in this crate directory, but there is no CONTRIBUTING.md alongside this README. This link will be broken on crates.io; use an absolute GitHub URL (or include the file in the crate package) so the link resolves for consumers.
| [Security issue notifications](./CONTRIBUTING.md#security-issue-notifications) | |
| Security issue notifications |
| This library is licensed under the Apache 2.0 License. | ||
| If you discover a potential security issue in this project | ||
| we ask that you notify AWS/Amazon Security via our | ||
| [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). |
There was a problem hiding this comment.
The vulnerability reporting link uses plain HTTP. Please switch this to HTTPS to avoid downgrade/redirect issues and to keep the security guidance link consistent with secure defaults.
| [vulnerability reporting page](http://aws.amazon.com/security/vulnerability-reporting/). | |
| [vulnerability reporting page](https://aws.amazon.com/security/vulnerability-reporting/). |
| keywords = ["crypto", "cryptography", "security", "encryption", "client-side"] | ||
| license = "ISC AND (Apache-2.0 OR ISC)" | ||
| description = "aws-mpl-rs is a low level library for implementing client side encryption." | ||
| description = "aws-mpl-legacy is a low level library for implementing client side encryption." | ||
| authors = ["AWS-CryptoTools"] | ||
| documentation = "https://docs.rs/crate/aws-mpl-rs" | ||
| documentation = "https://docs.rs/crate/aws-mpl-legacy" |
There was a problem hiding this comment.
PR title indicates only a README update, but this change modifies Cargo package metadata (keywords/description/documentation). Please update the PR title/description to reflect that Cargo.toml metadata is also being changed so the intent is clear to reviewers and release tooling owners.
| aws-smithy-types = "1.3.5" | ||
| chrono = "0.4.42" | ||
| cpu-time = "1.0.0" | ||
| dafny_runtime = { path = "../../../smithy-dafny/TestModels/dafny-dependencies/dafny_runtime_rust", features = ["sync","small-int"]} | ||
| dashmap = "6.1.0" | ||
| pem = "3.0.6" | ||
| tokio = {version = "1.49.0", features = ["full"] } | ||
| uuid = { version = "1.19.0", features = ["v4"] } | ||
| timeout = "0.1.0" | ||
| rand = "0.9.2" | ||
| futures = "0.3" | ||
| dafny-runtime = { version = "0.3.1", features = ["sync", "small-int"] } | ||
|
|
There was a problem hiding this comment.
PR title indicates only a README update, but this change also updates dependencies (removing a path dependency and adding a crates.io dependency). Please update the PR title/description to reflect that this PR changes the Rust build/dependency graph, not just documentation.
Issue #, if available:
Description of changes:
Squash/merge commit message, if applicable:
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.