Report unsoundness for lmdb-rs

[shinmao]

The safe API, which has been reported with undefined behavior, can trigger UB again. It requires a more systematic fix on satisfying safety invariants.

[djc]

@vhbit are you okay with publishing an advisory for this?

@shinmao if you're going to file more advisories, please seek approval from maintainers.

[shinmao]

Hi @djc , thanks for the reminder. As I previously reported, the grace period would be 2 weeks after reporting issues in repo. If still no response, then we can go ahead to send the advisory. Isn't this the policy? Just for confirmation.

[djc]

Hi @djc , thanks for the reminder. As I previously reported, the grace period would be 2 weeks after reporting issues in repo. If still no response, then we can go ahead to send the advisory. Isn't this the policy? Just for confirmation.

It's more of a guideline than a policy, and it's not completely obvious that just pinging on GitHub is sufficient.

[shinmao]

It's more of a guideline than a policy, and it's not completely obvious that just pinging on GitHub is sufficient.

Understood. I think I should also ask the approval for advisories rather than just publising the issue. Thanks!