enricobuehler
6a501f484a
ci / rust (push) Failing after 30s
apple / swift (push) Successful in 57s
ci / web (push) Successful in 38s
ci / docs-site (push) Successful in 1m11s
android / android (push) Successful in 3m34s
deb / build-publish (push) Successful in 2m18s
decky / build-publish (push) Successful in 21s
ci / bench (push) Successful in 4m37s
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Successful in 44s
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Successful in 22s
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Successful in 48s
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Successful in 45s
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Successful in 2m17s
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Successful in 8m28s
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Successful in 8m12s
docker / deploy-docs (push) Successful in 22s
windows-host / package (push) Successful in 3m12s
cargo audit fails on the rsa "Marvin Attack" advisory, which has NO fixed release (the constant-time rewrite is still unreleased upstream) and rsa is required for GameStream/Moonlight pairing. The attack targets RSA *decryption* (PKCS#1 v1.5 padding oracle); the host uses rsa ONLY for PKCS#1 v1.5 signing/verifying (gamestream/cert.rs + pairing.rs), never for decryption, so the vulnerable path is not exercised. Add the documented .cargo/audit.toml ignore with the justification. The 3 unmaintained warnings (audiopus_sys / paste / rustls-pemfile) are left visible on purpose — `cargo audit` does not fail on them, and they carry a maintenance signal. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>