94b9a3028c
cargo audit fails on the rsa "Marvin Attack" advisory, which has NO fixed release (the constant-time rewrite is still unreleased upstream) and rsa is required for GameStream/Moonlight pairing. The attack targets RSA *decryption* (PKCS#1 v1.5 padding oracle); the host uses rsa ONLY for PKCS#1 v1.5 signing/verifying (gamestream/cert.rs + pairing.rs), never for decryption, so the vulnerable path is not exercised. Add the documented .cargo/audit.toml ignore with the justification. The 3 unmaintained warnings (audiopus_sys / paste / rustls-pemfile) are left visible on purpose — `cargo audit` does not fail on them, and they carry a maintenance signal. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>