From 433217069180699293c43666b8c00141ba23da9a Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Tue, 28 Nov 2023 15:11:37 +0000
Subject: [PATCH] ci: add exception for RUSTSEC-2023-0071 to cargo-deny config

See
<https://rustsec.org/advisories/RUSTSEC-2023-0071>
and discussion at
<https://github.com/RustCrypto/RSA/issues/19>
for details.
---
 deny.toml | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/deny.toml b/deny.toml
index dda5776d7..c0777a7df 100644
--- a/deny.toml
+++ b/deny.toml
@@ -3,6 +3,13 @@ unmaintained = "allow"
 ignore = [
     "RUSTSEC-2020-0071",
     "RUSTSEC-2022-0093",
+
+    # Timing attack on RSA.
+    # Delta Chat does not use RSA for new keys
+    # and this requires precise measurement of the decryption time by the attacker.
+    # There is no fix at the time of writing this (2023-11-28).
+    # <https://rustsec.org/advisories/RUSTSEC-2023-0071>
+    "RUSTSEC-2023-0071",
 ]
 
 [bans]